Data stolen in MOVEit breach leaked by notorious ransomware gang

Clop is taking the next step to threaten victims

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

A top cybersecurity analyst and security researcher has claimed the Clop ransomware gang responsible for the MOVEit attacks is ramping up its threats in the hope to get victims to pay up.

Dominic Alvieri discovered on July 22 that the Russianransomwaregroup had created a clearnet domain designed to distribute stolen data from one of its targets, professional services giant Ernst & Young, posting a screenshot of the dotcom website toTwitter.

Ernst & Young, trading as EY, had been notified via Tweets and direct messages from Alvieri, but it’s uncertain whether the company has responded.

Clop threatens to leak MOVEit data

The analyst and researcher also reached out toBleepingComputer, informing the publication that the ransomware group’s first target was business consulting firm PWC.

These are the best firewall tools around>Ransomware gangs are losing interest in US firms>There’s a hefty reward in store for those who know about Clop ransomware links

In addition to EY and PWC,BleepingComputerreports that websites had also been created for Aon, Kirkland, and TD Ameritrade.

Typically, data leaks are hosted on the Tor network thanks to the additional anonymity and difficulty relating to how enforcement bodies can remove the pages. Instead, Clop is threatening to leak MOVEit breach data on the regular Internet, hence Alvieri’s ‘dotcom’ comment.

Because of the nature of clearnet domains, websites are at a much higher risk of being taken down, which has been true in the case of Clop, though it’s unclear whether enforcement agencies or hosting providers are responsible for their takedown.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Similarly,BleepingComputersuggests that cybersecurity firms could have launched their own DDoS attacks in an effort to protect victims.

According toCoveware, the small number of Clop’s estimated 1,000 direct targets that are likely to pay - or have already paid - ransoms could see the Russian group earn $75-100 million from MOVEit-linked demands alone.

ViaBleepingComputer

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!

Best CDN provider of 2024

Google’s new AI video maker for businesses is now available on Workspace

Intel Battlemage rumored for December – could new budget GPUs win over gamers neglected by Nvidia and save the Arc brand?