Clop ransomware is now extorting 66 Cleo data-theft victims

The Clop ransomware gang began to extort victims of its Cleo knowledge theft assaults and introduced on its darkish internet portal that 66 firms have 48 hours to answer the calls for.

The cybercriminals introduced that they’re contacting these firms instantly to supply hyperlinks to a safe chat channel for conducting ransom fee negotiations. In addition they offered e mail addresses the place victims can attain out themselves.

Within the notification on their leak web site, Clop lists 66 partial names of firms that didn’t interact the hackers for negotiations. If these firms proceed to disregard, Clop threatens to reveal their full identify in 48 hours.

Clop
Supply: BleepingComputer

The hackers notice that the record represents solely victims which were contacted however didn’t reply to the message, suggesting that the record of affected firms could also be bigger.

Clop achieves one other main breach

The Cleo knowledge theft assault represents one other main success for Clop, who leveraged leveraging a zero-day vulnerability in Cleo LexiCom, VLTransfer, and Concord merchandise to steal knowledge from the networks of breached firms.

Prior to now, Clop ransomware accessed firm networks by exploiting zero-day vulnerabilities in Accellion FTA safe file switch platform, GoAnywhere MFT platform, and MOVEit Switch platform.

The gang can also be answerable for one other hacking spree concentrating on firms operating the SolarWinds Serv-U FTP software program.

The zero-day flaw exploited this time is now tracked as CVE-2024-50623 and it permits a distant attacker to carry out unrestricted file uploads and downloads, resulting in distant code execution.

A repair is obtainable for Cleo Concord, VLTrader, and LexiCom model 5.8.0.21 and the seller warned in a non-public advisory that hackers had been exploiting it to open reverse shells on compromised networks.

Earlier this month, Huntress publicly disclosed that the vulnerability was actively exploited and sounded the alarm that the seller’s repair might be bypassed. The researchers additionally offered a proof-of-concept (PoC) exploit to show their findings.

A number of days later, Clop ransomware confirmed to BleepingComputer that it was answerable for exploiting CVE-2024-50623.

The notorious ransomware group declared that knowledge from earlier assaults will now be deleted from its platform because it focuses on the brand new extortion spherical.

In an e mail to BleepingComputer, Macnica researcher Yutaka Sejiyama mentioned that even with the unfinished firm names that Clop revealed on its knowledge leak web site, it’s attainable to determine among the victims by merely cross checking the hacker’s hints with homeowners of Cleo servers uncovered on the general public internet.

At the moment, it’s unknown what number of firms have been compromised by Clop’s newest assault wave, however Cleo claims that its software program is utilized by greater than 4,000 organizations worldwide.

Recent articles

Ruijie Networks’ Cloud Platform Flaws Might Expose 50,000 Units to Distant Assaults

Dec 25, 2024Ravie LakshmananCloud Security / Vulnerability Cybersecurity researchers have...

Iran’s Charming Kitten Deploys BellaCPP: A New C++ Variant of BellaCiao Malware

Dec 25, 2024Ravie LakshmananCyber Assault / Malware The Iranian nation-state...

Postman Workspaces Leak 30000 API Keys and Delicate Tokens

SUMMARY 30,000 Public Workspaces Uncovered: CloudSEK identifies large information leaks...