Ransomware gang CLOP successful with new attack tactics

B2B Cyber Security ShortNews


CLOP has established itself in the ransomware scene as one of the most agile hacker gangs internationally. The APT group also carried out the attack on the MOVEit vulnerability on its own and is negotiating with hundreds of companies about their data.

In the last twelve months alone, CLOP (also written "Cl0p") is known to have carried out at least nine attacks in Germany. In comparison, the ransomware gang LockBit, which is currently the most active in Germany, carried out 24 attacks in the same period. In the case of the Cl0p leaks, however, the extent of the attacks is particularly interesting.

Hundreds of targets compromised with a single attack

In 2023, we saw hacker gangs increasingly using zero-days and unpatched vulnerabilities to compromise dozens or even hundreds of targets with just a single campaign. This indicates a change in ransomware tactics and a possible escalation of the ransomware problem. Such changes in the ransomware scene are very rare, as tactics are mostly established and only change slowly.

For CLOP, this new approach also brings new challenges. Instead of dealing with just a few victims, the gang now has to deal with hundreds of victims at once. It's a demanding task, and we're excited to see how they tackle the logistical challenges in real time. Should the gangs be successful in this, it could have far-reaching negative effects.

Zero-days could herald a transformation

In the ransomware ecosystem, we've seen in the past that once one group discovers a novel and successful tactic, other groups quickly follow suit. One such turning point came in 2019, when the Maze ransomware group introduced a sweeping change in tactics now known as "double extortion". The use of zero-days by Cl0p has the potential to bring about a similar change. Ultimately, it will depend on the return on investment of the tactic.

From the gang's perspective, the campaign has been a mixed success so far. Although a previously unknown vulnerability was exploited, the group may not have been satisfied with the generally low quality of the stolen data. Despite this, the Cl0p campaign has shown that ransomware gangs can now afford the cost and complexity of deploying zero-days. And when they do, the volume of attacks can far exceed what has previously been possible with other approaches.

More at Malwarebytes.com

 


About Malwarebytes

Malwarebytes protects home users and businesses from dangerous threats, ransomware and exploits that are undetected by antivirus programs. Malwarebytes completely replaces other antivirus solutions in order to avert modern cybersecurity threats for private users and companies. More than 60,000 companies and millions of users trust Malwarebytes' innovative machine learning solutions and its security researchers to avert emerging threats and eliminate malware that antiquated security solutions fail to detect. You can find more information at www.malwarebytes.com.


 
