Cl0p, a Russia-linked ransomware gang, has resurfaced, claiming attacks on 47 companies, including DXC Technology and Chicago Public Schools.
Apparently, the MOVEit heist was not enough. The notorious ransomware gang Cl0p continues to target companies worldwide, claiming 47 companies as its latest victims. The majority of companies are based in the US, but the list goes on to include companies from Canada, Mexico, the UK, and Ireland.
Among the victims is DXC Technology, a multinational IT services and consulting company with 130,000 employees worldwide.
Chicago Public School (CPS) was also among the affected organizations. CPS is the third-largest school district in the United States, serving over 330,000 students across more than 600 schools, employing approximately 40,000 staff members.
Cybernews has reached out to DXC and CPS for comment, but a response is yet to be received.
The Russia-linked cybercriminals have listed the companies on their leak site on the dark web, claiming that the companies “ignored” the notice and haven’t contacted the gang.
Cl0p distinguishes itself from other ransomware gangs through its unique approach to communication. Rather than reaching out to affected companies directly, the gang posts a message on its dark web platform, prompting victims to initiate contact. This strategy may be driven by the sheer volume of compromised organizations.
Cl0p clan utilizes the ransomware-as-a-service (RaaS) model, allowing affiliates to use its ransomware software in exchange for a predetermined share of the ransom.
The gang uses a "double-extortion" tactic, in which it both encrypts and steals victim data. Normally, if the ransom is not paid, Cl0p not only refuses to restore access but also publishes the exfiltrated data on its leak site.
Here’s a full list of alleged victims listed on Cl0p’s leak site, first shared by threat intelligence platform FalconFeeds:
- Carlson Distributing
- The Castlewood Group
- Catch-Up Logistics
- Cathay Home
- Cedar’s Mediterranean Foods, Inc
- Cesar Castillo LLC
- Challenger Motor Freight
- Chemstar
- Cherokee Distributing Company, Inc
- Cinema 1
- Datapak Services Corporation
- Cass Information Systems
- Chicago Public Schools
- Clearon Corp
- DXC TEchnology
- DeCrescente Distributing Company
- DirecTex
- Editel
- DLF North America
- Derry Group Ireland
- Donlen LLC
- Ekonom
- Conbraco Industries, Inc
- Dana-co LLC
- Diaz Foods
- Dundas Jafine, Inc
- Detecno S.A. de C.V.
- Classic Accessories
- Design Design Inc
- Betances drugstore, Inc
- Delta Children
- Dunn-Rite Products
- Team Blue Internet Services UK Limited
- Codagami, Inc
- D2GO
- Coghlan's
- Dynasty Footwear
- Compass Health Brands
- Collection XIIX, Ltd
- Data Group
- Connexion informatique
- Covectra
- Crest Brands Group
- Crane Building Services & Utilities
- 3 companies named as CGDC.COTTONG.LOCAL, CLAW.LOCAL, and CYCLE.LOCAL
The mastermind behind the biggest hack in history
The ransomware cartel is responsible for the infamous MOVEit and Fortra GoAnywhere file management software hacks. The MOVEIT exploit, which occurred in 2023, was one of the largest-ever hacking campaigns, impacting over 2,600 organizations and almost 90 million individuals.
It’s estimated that the gang earned between $75 to $100 million from the MOVEit hacks alone.
At the end of 2024, Cl0p listed 63 organizations on its leak site after exploiting critical security flaws in the Cleo file transfer platform, including Cleo Harmony, Cleo VLTrader, and Cleo LexiCom.
The Cleo hack victims included major companies and organizations such as Western Alliance Bank, Hertz, Chicago Public Schools, Nissin Foods (maker of Ramen Cup Noodles), and SDI Technologies (Timex, iHome).
The gang received a huge blow in 2021 when Ukrainian law enforcement dismantled the cartel’s IT infrastructure and made arrests. Despite a temporary shutdown of its operations, the gang has been actively targeting new victims.
Your email address will not be published. Required fields are markedmarked