The Cl0p ransomware group has altered its extortion tactic again

August 31, 2023
The Cl0p ransomware operators have changed their extortion tactic to apply more pressure on the victims of their recent MOVEit campaigns.

The notorious group has compromised about 597 organisations by exploiting a zero-day flaw in the MOVEit secure file transfer platform. Last month, it started to extort its victims by listing their identities on its Tor data leak website.

However, because Tor sites have some limitations, the gang has kept adopting new tactics to spread the information stolen in the MOVEit campaigns.

Cl0p ransomware operators leveraged torrent sites to expose stolen data.

According to recent investigations, the Cl0p ransomware group has started using torrent websites to leak stolen information more easily.

Additionally, the gang has provided instructions on downloading the leaked data from the torrent sites. Researchers explained that the group created torrents for about 20 victims. The confirmed victims with dedicated torrents are Aon, Putman, Zurich, Brazil, Heidelberg, Delaware Life, and K&L Gates.

Furthermore, some researchers claimed that the Cl0p gang developed clearweb sites for each victim to leak stolen details. Because these sites were hosted directly on the internet, they created a sense of urgency among the victims, which made the extortion process more straightforward for the attackers. This strategy has allowed the threat actors to make their victims pay the ransom immediately.

Unfortunately for the hackers, the tactic quickly failed, as law enforcement agencies took down the clearweb sites without the Cl0p operators noticing.

Torrents, on the other hand, leave law enforcement very little chance of shutting them down. In addition, owing to the decentralised nature of torrents, the organisers can replace the original seeder with a new device to seed the stolen information as needed.

Furthermore, torrents offer faster transfer speeds because they use peer-to-peer transfer among users, unlike the Tor data leak site, which has slow download speeds.

Experts expect the ransomware group could earn nearly $100 million by extorting the victims of its MOVEit data theft campaign. These earnings could allow the threat actors to settle for life or to fund further attacks and acquire new upgrades for their subsequent operations.
