Clop Ransomware Gang Uses Torrents to Escape Authorities

Reading time icon 2 min. read

Readers help support VPNCentral. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help VPNCentral sustain the editorial team Read more

Clop Ransomware Gang Uses Torrents to Escape Authorities

The Clop Ransomware group has once more switched extortion tactics to evade takedowns. The crew is now utilizing torrents to expose data compromised in MOVEit attacks.

The move leaves the data of around 600 organizations exposed online.

Security researcher Dominic Alvieri was the first to report this behavior. This follows sting raids by law enforcement aimed at paralyzing the gang’s operations. 

Progress Software, MOVEit’s publisher, has since released a patch for this vulnerability.

What we know about the MOVEit cyberattacks

MOVEit is a filter transfer software used by thousands of organizations worldwide. Hackers are known to have exploited a security flaw in it to steal data.

US authorities linked Clop Ransomware Group to the cyberattacks of June 7, 2023. Through a joint publication, the FBI and CISA (Cybersecurity and Infrastructure Security Agency) say the gang used malware to compromise targets.

Progress Software is previously reported to have acknowledged the security bug. It warned clients of the risks of intruders gaining unauthorized access to its systems.

Multinationals have fallen victim to this large-scale data breach. Some big names include British Airways, Sony, PWC, Skillsoft, and more.

Why torrents?

Clop Ransomware’s change of tactic doesn’t come as a surprise. Law enforcement authorities have failed to clamp on down torrent sites for years.

The cybercrime crew initially experimented using the TOR network. But speeds were slower, which made the end result less damaging than it would’ve been when accessing data faster.

Unlike traditional sites, torrent platforms use peer-to-peer (P2P) file transfers. This makes it challenging to track down and remove data copies.

P2P downloads are also known to be faster. A quick test by BleepingComputer achieved transfer speeds of about 5.4 Mbps.

Clop Ransomware aims to use this method as an extortion tactic. Victims must pay quickly to prevent the further distribution of stolen data.

Moreover, the gang is creating publicly-accessible sites to publish MOVEit data.

Should this work, the gang will likely bag up to $100 million in ransom. Surprisingly, some businesses have paid such staggering amounts to the group in the past. 

The severity of the damage remains unclear at the time of writing. But it will be interesting to see how affected organizations mitigate the threat.

Leave a Reply

Your email address will not be published. Required fields are marked *