The Clop ransomware group has taken a new approach by offering access to stolen data from MOVEit attacks through torrents, a development unveiled by security researcher Dominic Alvieri on Twitter.
Screenshots showed prominent victims, including the investment firm Putnam, Iron Bow Technologies, and the insurance company Delaware Life, among others, whose data is now accessible through peer-to-peer sharing. The move is a strategic adaptation to the slow downloads that limit large data dumps on traditional leak sites.
In addition to the data accessibility shift, Clop furnished users with practical instructions on utilizing torrent clients, along with information concerning approximately 20 organizations that fell victim to compromise.
This innovation isn’t the first from the ransomware group, as Clop has previously established dedicated surface web sites to facilitate data accessibility for specific breached entities, a strategy witnessed in their treatment of organizations like PwC.
This evolution in ransomware tactics underscores the dynamic landscape in which cybercriminals continuously innovate to bolster their reputation and financial gains through unique strategies. Another area of exploration for these groups is the direct engagement of victims, as illustrated by a recent incident in which a different group manipulated a university’s mass alert system to pressure individuals into advocating for ransom payment.
Clop’s exploitation of a zero-day vulnerability in the MOVEit managed file transfer software compromised numerous victims and affected millions of end users. Most notably, the recent disclosure by Virginian government contractor Maximus that personal information was compromised further underscores the widespread impact of these ransomware campaigns.