Security News > 2023 > July > Clop now leaks data stolen in MOVEit attacks on clearweb sites
The Clop ransomware gang is copying an ALPHV ransomware gang extortion tactic by creating Internet-accessible websites dedicated to specific victims, making it easier to leak stolen data and further pressuring victims into paying a ransom.
This stolen data is used as leverage in double-extortion attacks, warning victims that the data will be leaked if a ransom is not paid.
Ransomware data leak sites are usually located on the Tor network as it makes it harder for the website to be taken down or for law enforcement to seize their infrastructure.
To overcome these obstacles, last year, the ALPHV ransomware operation, also known as BlackCat, introduced a new extortion tactic of creating clearweb websites to leak stolen data that were promoted as a way for employees to check if their data was leaked.
Last Tuesday, security researcher Dominic Alvieri told BleepingComputer that the Clop ransomware gang had started to create clearweb websites to leak data stolen during the recent and widespread MOVEit Transfer data theft attacks.
None of Clop's sites are as sophisticated as the ones created by ALPHV last year, as they simply list links to download the data rather than having a searchable database like BlackCat's sites.
News URL
Related news
- BlackBasta claims Synlab attack, leaks some stolen documents (source)
- New attack leaks VPN traffic using rogue DHCP servers (source)
- One year on, universities org admits MOVEit attack hit data of 800k people (source)
- New Spectre-Style 'Pathfinder' Attack Targets Intel CPU, Leak Encryption Keys and Data (source)
- University System of Georgia: 800K exposed in 2023 MOVEit attack (source)