Clop Ransomware Returns: 21 Victims Suffer Cyberattack

Share post:

Clop ransomware gang has returned to the ransomware threat landscape a few months after shutting down its operations between November and February.

The activities of the ransomware group became noticeable after it had added 21 new victims to its data leak site in just one month (April).

Clop’s most targeted sector was the industrial sector. 45% of Clop ransomware attacks target industrial organizations, while 27% target technology companies.

“CLop had an explosive and unexpected return to the forefront of the ransomware threat landscape, jumping from the least active threat actor in March to the fourth most active in April. There were notable fluctuations in threat actor targeting in April. While Lockbit 2.0 (103 victims) and Conti (45 victims) remain the most prolific threat actors, victims of CLoP increased massively, from 1 to 21,” NCC Group explained.

Clop ransomware deals in the exfiltration of large amounts of data from high-profile companies using Accellion’s legacy File Transfer Appliance (FTA). The stolen data are later used as leverage to blackmail the compromised companies, whereby they are forced to pay high ransom demands to prevent their data from leaking online.

There is speculation that the recent actions of the Clop gang are part of the process of finally shutting down their operations after a long period of inaction.

The sources for this piece include an article in BleepingComputer.

Featured Tech Jobs


Related articles

Google delays launch of new AI model Gemini

Google's highly anticipated AI model, Gemini, has had its launch rescheduled to early 2024, as reported by The...

Cyber Security Today, Week in Review for Friday, December 1, 2023

This episode features a discussion on ransomware, the latest explanation from Okta of a support hack and a survey of infosec pros whose firms w

Cyber Security Today, Dec. 1, 2023 podcast – More on compromises

This episode reports on the sanctioning of the Sinbad crypto mixe

All Okta customer support users had their email addresses copied

Identity and access provider Okta now says the threat actor who accessed its customer help desk system last month got the names and email addresses of all contacts of organizations that use its support system. Originally, the company said that, after an investigation, it determined only one per cent of the contacts from its 18,000

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways