Fraudsters are impersonating the notorious Clop ransomware group to extort various organisations.
Based on reports, this newly discovered activity is part of a pattern in which scammers impersonate high-profile ransomware organisations to deceive victim entities. These individuals commonly claim to have exfiltrated critical data in order to extort payments from victims.
In the extortion email, the scammers claim to have exploited a vulnerability in software from Cleo, a managed file transfer company, to gain unauthorised access to the victim’s network. They also claimed that this exploitation allowed them to download and exfiltrate data from the victim’s servers.
The fraudsters use news about Clop ransomware to add legitimacy to their claims.
The threat actors added credibility to their operations by linking to a media blog article reporting that Clop ransomware had stolen data from 66 Cleo customers.
The real Clop group does frequently exploit flaws in managed file transfer technologies to attack victims on a large scale, which gives the claim a veneer of plausibility. In the bogus email, the victim was informed that unless they paid, the stolen information would be published on the hackers’ “Blog.”
The targets were provided with contact email addresses and encouraged to get in touch. The email had all the characteristics of a hoax, as it lacked elements consistent with actual Clop extortion demands.
The researchers stated that victims are most likely dealing with Clop ransomware if the email contains elements such as a 48-hour payment deadline, links to a secure chat channel for ransom payment negotiations, and partial names of companies whose data has been compromised. Hence, they must take immediate action to mitigate the incident.
If these elements are absent, the email likely comes from scammers posing as ransomware operators. Fake Clop extortion emails will likely cite media coverage of actual Clop ransomware attacks to appear legitimate.
This incident came after law enforcement agencies disclosed that fraudsters were sending extortion letters to organisations claiming to be from the BianLian ransomware group.
Organisations that receive threats purporting to come from ransomware groups should assess the situation and verify the claims in such notifications before acting on them. Scammers will likely continue to take advantage of ransomware incidents, since the panic and perceived risk they inflict on targeted companies can turn a baseless threat into a profitable attack.
