Rackspace files allegedly published by Cl0p ransom gang


The Cl0p ransomware gang claimed on Monday to have published a slew of files belonging to US-based cloud storage company Rackspace Technology.

The Russian-linked ransomware group began uploading the supposed Rackspace cache on its dark leak site sometime Monday evening, claiming the multi-cloud computing company had been contacted by the threat group, but chose to ignore its demands.

“DEAR COMPANIES. Below you can find a list of companies that were notified but ignored and did not contact us,” Cl0p posted, along with three separate email addresses for victims to contact them.

“RACKSPACE.COM FULL FILES PUBLISHED VIA TOR,” it wrote in red using all capital letters.

Cl0p leak site. Image by Cybernews.

Listing an annual revenue of $2.8 billion, Rackspace has close to 600,000 companies that use its cloud services, many located in the US and in the retail industry, according to data analytics firm enlyft.

It’s also not the first ransomware attack to have hit Rackspace. In December 2022, the San Antonio, Texas-based cloud solutions company was breached by the Play ransomware group via a previously unknown security exploit which allowed access to its hosted exchange email environment, according to a HackerNews report at the time.

With close to 8,000 employees worldwide, Rackspace has additional locations in Ashburn, Virginia and Austin, Texas, as well as Canada, India, Dubai, Switzerland, the Netherlands, and Mexico, the company states.

The company furthermore lists data centers in Dallas, Chicago, New York City, London, Amsterdam, Frankfurt, Hong Kong, Shanghai, Sydney, and Singapore.

As is typical of the ransomware group, Cl0p claims Rackspace “doesn't care about its customers, it ignored their security!!!” The leak site shows six separate file downloads, which Cybernews was unable to verify.

Cl0p leak site. Image by Cybernews.

Cl0p has not listed the number of files, the data amount, or type of information it has purportedly exfiltrated during its attack. Cybernews has reached out to Rackspace for comment and is waiting on a response.

Cl0p lists hundreds of Cleo victims

Revealed in late February, the Rackspace leak announcement sits above an alphabetical list of roughly 170 other victim companies, presumably part of a Cl0p hacking spree that exploited two zero-day vulnerabilities in Cleo's file transfer software programs, including Cleo Harmony, Cleo VLTrader, and Cleo LexiCom.

HomeDepot (Mexico), Lolly Togs, Nature Sweet, Petmate, Simple Human, and VS Logistics are some of the other more prominent names on the list. Home Depot has further denied being a victim of the Cleo software attacks.

The ransomware group began leaking scores of victims from the Cleo hacks just days before the New Year. Since then, dozens of those companies have been listed as published on the Cl0p site.

Blue Yonder, a leading supply chain software provider, with clients like Starbucks, BIC, and several major UK grocery chains, was the first victim to be outed by the ransomware cartel on its dark leak site, although the company has also denied Cl0p was involved in its most recent November breach.

Other Cleo hack victims claimed on the Cl0p site include major companies and organizations, such as Western Alliance Bank, Hertz, Chicago Public Schools, Nissin Foods (maker of Ramen Cup Noodles), and SDI Technologies (Timex, iHome).

Threat researchers at Google’s Mandiant traced the mass Cleo exploitation back to October and reported having observed several backdoors deployed on compromised systems.

The Cl0p ransomware cartel is responsible for the infamous 2023 MOVEit and Fortra GoAnywhere file management software hacks.

The MOVEit exploit was one of the largest-ever hacking campaigns, impacting over 2,600 organizations and almost 90 million individuals. It’s estimated that the gang earned between $75 million and $100 million from the MOVEit hacks alone.