Cl0p ransomware group threatens executives of major companies with data extortion
Pro
Image: Getty via Dennis
Executives of major companies are facing extortion attempts from a well-known ransomware group demanding access to sensitive data allegedly stolen via Oracle Corp.’s E-Business Suite applications. This information comes from Genevieve Stark, head of cybercrime at the Google Threat Intelligence Group, and three other sources familiar with the situation.
According to Stark, the extortion campaign began on or before 29 September. Hundreds of compromised third party e-mail accounts were used to send threatening messages claiming data theft via Oracle. While the e-mails contained grammatical errors typical of the group’s communication style, they included contact details found on the Cl0p website and an e-mail address previously associated with a Cl0p affiliate.
Google has yet to confirm the accuracy of these extortion allegations due to insufficient evidence. Other sources declined to disclose the identities of the targeted executives or whether any ransom had been paid.
Cl0p is known to have attacked major organisations with advanced malware, encrypting files and demanding ransom for decryption. In 2023, Cl0p exploited vulnerabilities in MOVEit, a file transfer product used by companies to exchange sensitive data, leading to the alleged compromise of data from hundreds of organisations. Notable victims include Shell Plc, British Airways, and the BBC.
The US Cybersecurity and Infrastructure Security Agency published an advisory in June 2023 labeling Cl0p as one of the world’s largest distributors of phishing and spam. It is estimated that Cl0p has compromised more than 3,000 organisations in the U.S. and over 8,000 worldwide.
Business AM