Cybersecurity Consulting
September 07, 2023
8 minute read
The CLOP ransomware gang, linked to the threat group tracked as TA505, has risen to some degree of infamy over the past few years, culminating in its most recent and largest-scale cyberattack to date. Earlier this year the cybercriminals exploited a vulnerability in the MOVEit Transfer file transfer software and stole data from hundreds of companies. Since then, they have been all over the news cycle as they work to extort their victims.
The CLOP ransomware gang is a conglomerate of cybercriminals who operate largely on the dark web and are known for mounting significant cyberattacks, typically revolving around stolen data and ransomware.
Most recently, the CLOP ransomware group launched a zero-day attack against the popular managed file transfer product, MOVEit Transfer. This breach allowed the group to steal data from over 1,100 organizations (so far), affecting at least 60 million individuals.
By exploiting the MOVEit Transfer software itself, rather than targeting specific companies or organizations, CLOP was able to siphon data from a huge range of companies all at once, simply based on who was running the software.
This also let the syndicate bypass much of the security that individual organizations had in place: the attack went through an internet-facing file transfer server that was already trusted to hold and relay the data, rather than through either endpoint's defenses.
There’s no one single and universal cybersecurity tool that will protect your network. Rather, a comprehensive approach to cybersecurity combines a wide array of advanced technology and professional expertise. Learn more with DOT Security’s Infographic: The Layered Cybersecurity Defense.
CLOP is a collection of cybercriminals that evolved out of the CryptoMix ransomware family in 2019. It was in February of that year that CLOP launched their first spear phishing campaign and started gaining attention in the world of cybercrime.
Operationally, CLOP is recognized as a Ransomware-as-a-Service (RaaS) operation that offers a variety of services to its criminal affiliates. These services include, but are not limited to:
Although CLOP has only been active since 2019, the group has been fairly successful at collecting ransom payments, with an estimated $500 million paid as of November 2021, despite six of its members having been arrested earlier that June.
Now the CLOP ransomware gang is after yet another payday, working to extort the organizations whose data was stolen in the MOVEit attack.
The MOVEit data breach is one of the largest scale cybercrimes in recent history, compromising the sensitive data of over 1,100 organizations and likely well over 60 million individuals.
But how was the CLOP ransomware gang able to pull off such a massive data heist? In the case of MOVEit Transfer, the core of the attack was a zero-day SQL injection vulnerability in the product's web application (tracked as CVE-2023-34362). By sending crafted requests to the exposed web front end, the attackers could run their own statements against the application's database and, from there, exfiltrate the files the server was holding.
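The following is an added illustration of the class of bug described above, not code from MOVEit Transfer or from the author of this page. It builds a throwaway SQLite table with constructed sample rows (the schema, the `users` table and the `api_token` column are hypothetical) and shows the same lookup written two ways: one that splices user input into the SQL text, which is the pattern behind every SQL injection, and one that binds the input as a parameter so the database never parses it as part of the query.

```python
import sqlite3


def build_db():
    """Create an in-memory table with constructed sample data.

    The schema is hypothetical and stands in for any web application's
    user table; it is not MOVEit's schema.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT, api_token TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "user", "tok-alice"), ("bob", "admin", "tok-bob")],
    )
    return conn


def lookup_vulnerable(conn, username):
    """Vulnerable pattern: the caller-controlled value is concatenated into
    the SQL text, so the database parses attacker input as query syntax."""
    query = (
        "SELECT username, role, api_token FROM users "
        f"WHERE username = '{username}'"
    )
    return conn.execute(query).fetchall()


def lookup_hardened(conn, username):
    """Hardened pattern: the value travels as a bound parameter. Quotes,
    OR clauses and comment markers in it are just bytes in a string."""
    query = "SELECT username, role, api_token FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


# Classic tautology payload: closes the string literal, then appends a
# condition that is always true, so the WHERE clause matches every row.
PAYLOAD = "x' OR '1'='1"


def demo():
    """Run the same payload through both lookups and return both results."""
    conn = build_db()
    leaked = lookup_vulnerable(conn, PAYLOAD)   # every row, tokens included
    safe = lookup_hardened(conn, PAYLOAD)       # no user is literally named that
    return leaked, safe


if __name__ == "__main__":
    leaked, safe = demo()
    print("vulnerable:", leaked)
    print("hardened:  ", safe)
```

The vulnerable form returns every user's token for the tautology payload, and it also raises a syntax error on a perfectly legitimate name such as `o'brien`, which is a cheap tell that input is reaching the parser. The hardened form returns nothing for the payload and handles the apostrophe correctly. Parameter binding is the fix; escaping or filtering quote characters is not, because the parser can be reached through other characters and encodings.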
A zero-day attack is one that exploits a vulnerability in a piece of software that is unknown to the vendor, and therefore unpatched, at the time it is used. The term "zero-day" refers to the fact that the developers have had zero days to fix the flaw because they did not know it existed.
Since the developers have no visibility into the vulnerability before the attack, zero-day exploits succeed at a higher rate than attacks on known, patched flaws. In the MOVEit case, three different critical vulnerabilities were identified, disclosed, and patched between May 31st and June 15th, 2023.
However, the patches came too late for many customers, as a staggering amount of data had already been stolen before the first fix was available. Applying the patch also does not undo an intrusion that has already happened, so affected organizations had to assume compromise and investigate rather than simply update.
To make matters worse, some companies that had information stolen weren't using MOVEit themselves but were exposed through a partner, contractor, or even a subcontractor that did. This demonstrates how important it is to partner with companies that take cybersecurity seriously.
In fact, Gartner estimates that by 2025 nearly 60% of organizations will weigh cybersecurity risk as a factor in partnership development.
The response to the CLOP MOVEit attack varies from victim to victim. That said, the overall estimated cost of this giant cyberattack currently stands at $9,923,771,385, and that figure is based only on the numbers reported so far, since many organizations have yet to disclose how many individuals were actually affected.
Emsisoft, however, projects the true figure could reach $65 billion.
While it's quite unlikely that CLOP will see a payout from every organization it has crippled, it doesn't need to for this attack to count as a success. The CLOP ransomware group could earn between $75 and $100 million from just a handful of companies agreeing to the posted ransom terms.
To pressure victims further, CLOP has recently pivoted to leaking stolen data over torrents. Its conventional "leak sites" have proven fairly easy to take down and offer poor download speeds; torrents are harder to trace to their origin, more difficult to eradicate, and faster to download.
CLOP no doubt is hopeful that the new method of leaking data will push additional victims to cave to ransoms.
On the other side of the coin, some victims, namely governmental agencies, have taken a more proactive approach. This culminated in a $10 million bounty posted by the US State Department for information on the CLOP ransomware group after several government entities were affected by the MOVEit breach.
It's worth noting that ransom payments aren't the only way a data breach can cost a business. Companies that suffer a severe data breach can lose the trust of their clients, partners, and customers. Downtime is expensive too, so if any of these organizations were rendered non-operational by the MOVEit breach, the true cost is even higher than has been estimated so far.
The CLOP ransomware group launched one of the largest and most devastating zero-day attacks in recent history and is looking for a major payday as a result. With data stolen from over 1,100 organizations and the total number of impacted individuals estimated at over 60 million, this is truly a historic cybercrime.
The CLOP MOVEit attack brings to the surface how important strategic partnerships with cybersecurity-conscious organizations are. More data exists now than ever, and more organizations have their hands on that data at one point or another.
By intentionally partnering with organizations who embody a cybersecurity mindset, you can better protect your company’s data, and more importantly, your employees’ data.
Cybersecurity is an ever-advancing field rooted in next-generation technology. Learn more about developing a comprehensive cybersecurity strategy in DOT Security’s Infographic: The Layered Cybersecurity Defense.