ADVERTISEMENT

Cl0p dumps all MOVEit victim data on clearnet, threat insiders talk ransom strategy

In what could be seen as a bold move or a sign of desperation, the Cl0p ransomware group has made good on its August 15th promise to publish the files of all its victims if contact was not made by the latest deadline. Does this mean the MOVEit fiasco is finally winding down? Cybernews gets the 411 on Cl0p strategy from two threat intel leaders during Black Hat.

Cl0p leaks, cl0p gang, clop

Image by Cybernews

Stefanie Schappert
Stefanie Schappert Senior Journalist
Aug 16, 2023 Updated: 15 November 2023 7 min read

Las Vegas or bust, Cl0p throws all in

Cl0p Moveit Aug 15 deadline2
Cl0p leak site

Cl0p's lesson in customer service

Cl0p Aug 15 publish lists
On August 15th, Cl0p published all the data from hundreds of victims who have purportedly refused to pay. Cl0p leak site.
ADVERTISEMENT
Cl0p 100 download parts
Cl0p is no longer publishing victim files in pieces, instead creating one direct torrent link for faster downloads. The first image shows a small part of the PWC cache of 98 separate downloadable files posted on Cl0p's dark leak site. The second image is a portion of Cl0p's direct Torrent links.

Other strategic ransomware tidbits

MOVEit Transfer, file transfer software system
Moveit Transfer is a file-sharing platform created and distributed to thousands of companies worldwide by the American software firm Progress. Image by Progress Software

The end or the beginning?

Cl0p Affleck MOVEit Meme
ADVERTISEMENT