CL0P ransomware gang is on the rise

Soojin Jeong, Nathan Salminen
Hogan Lovells
Contact
LinkedIn
Facebook
X
Send
Embed

Hogan Lovells

CL0P is adopting “quadruple extortion” tactics.

If your organization has received a ransomware demand, CL0P may be a familiar name. In 2023, CL0P was the third most prolific ransomware gang, after Lockbit and ALPHV.

The Russia-linked CL0P cybercrime organization has become one of the most successful ransomware organizations in the world. Using a Ransomware-as-a-Service model (RaaS), CL0P affiliates can pay a deposit and use the CL0P ransomware to hack organizations and steal data, which are then held as ransom for multimillion dollar payments. If victims fail to pay the demanded ransoms, then the stolen data is posted on the “CL0P^_-LEAKS” site.

Since 2019, CL0P has utilized this “double extortion” tactic- stealing data and threatening to leak it. Other ransomware gangs have also engaged in “triple extortion.” This additional step involves threats to engage in Distributed-Denial-of-Service (DDoS) attacks that would shut down systems and render them inoperable, thereby increasing pressure on victims to comply with attackers’ demands.

CL0P has now begun using “quadruple extortion” techniques. In addition to the above, if victims do not comply, then CL0P will send messages to harass customers, business partners, employees, media, and high-level executives to notify them that the organization was hacked. These methods have led to a rise in average ransomware payments.

Targeting some of the world’s largest organizations, the CL0P ransomware gang has focused on the financial, manufacturing, and healthcare industries. Last May, CL0P gained notoriety for exploiting vulnerabilities in the MOVEit managed file transfer solution, extracting sensitive data from U.S. government agencies, schools, healthcare, and major firms. Earlier in 2023, the CL0P ransomware group exploited a similar zero-day vulnerability in the Fortra GoAnywhere managed file transfer platform and sent ransom notes to company executives.

CISA and the FBI recommend the following cybersecurity measures to mitigate CL0P cyber threats:

  • Inventory assets and data to identify authorized and unauthorized devices and software.
  • Grant administrative privileges and access only when necessary, and execute only legitimate software applications.
  • Monitor the network and activate security configurations on network infrastructure devices.
  • Regularly patch and update software and application.
  • Conduct regular vulnerability assessments.

[View source.]

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Hogan Lovells | Attorney Advertising

Written by:

Hogan Lovells
Hogan Lovells
Contact
more
less

Hogan Lovells on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide