Clop Ransomware Gang Threatens 66 Companies with 48-Hour Data Leak Ultimatum

Clop Ransomware Gang Launches Major Extortion Campaign Against Cleo Victims

The notorious Clop ransomware group has initiated a large-scale extortion campaign, targeting 66 companies affected by recent Cleo data theft attacks. The cybercriminal organization has issued a 48-hour ultimatum through its dark web portal, demanding that victims respond to its ransom demands or face consequences.

The gang is contacting affected companies directly, offering secure chat channels for ransom negotiations and providing email addresses for victim communication. Companies that fail to respond risk having their full names exposed on Clop’s leak site, where currently only partial names are listed.

Technical Details of the Breach:
– The attack exploited a zero-day vulnerability (CVE-2024-50623) in Cleo’s LexiCom, VLTransfer, and Harmony products
– The flaw enables unauthorized file operations and remote code execution
– Patches are available for version 5.8.0.21 of affected Cleo products

Impact and Scope:
– The current list of 66 companies may represent only a fraction of total victims
– Cleo’s software is utilized by over 4,000 organizations worldwide
– Security researchers can identify some victims by cross-referencing partial names with exposed Cleo servers

This attack adds to Clop’s history of major breaches, including previous campaigns targeting Accellion FTA, GoAnywhere MFT, MOVEit Transfer, and SolarWinds Serv-U FTP platforms. The group has announced it will delete data from previous attacks as it focuses on this new extortion campaign.