
Clop Ransomware: Data on Leaks

By Esme Greene

Aug 29, 2023

The Clop ransomware gang has recently copied a strategy from its competitor, the ALPHV group, by building open leak websites that are accessible without a Tor connection and are each devoted to a specific target organization. The tactic aims to hasten the release of stolen data and pressure victims to pay the ransom quickly.

When Clop ransomware enters a business network, it takes data from the firm's servers before encrypting it to prevent access. The stolen data then serves as leverage for double extortion: victims are warned that their personal information will be made public if the ransom is not paid.

Data leak websites are frequently hosted on the Tor network, which makes it difficult for government authorities to shut down or seize their infrastructure. For ransomware operators, however, this hosting approach has drawbacks: the sites require a specialized Tor browser, are not indexed by search engines, and suffer from slow downloads.

To get around these challenges, the ALPHV gang unveiled a new kind of extortion last year: public websites for releasing stolen information, promoted as a way for regular employees to check whether their data had been stolen. These websites are reachable over the ordinary Internet, which makes the material easier to obtain and may extend its reach through search engine indexing.

Clop Ransomware Leaks: Fears and Shutdowns

The first website Clop created targeted PwC Australia and hosted four ZIP files of stolen material. Websites for Aon, Ernst & Young, Ameritrade, and other businesses followed.

Even though these Clop sites lack the sophistication of ALPHV's and merely offer download links for data rather than a searchable database, they still serve to scare staff members, executives, and business partners affected by the leak. These people may find their personal information in the archives, which puts pressure on the business to pay the ransom.

This approach to leaking has several benefits for the attackers, but it also has serious drawbacks. Websites hosted publicly are simpler to take down than those hosted through Tor. As a result, all of Clop's open leak sites have been temporarily shut down.

It is still unclear whether the closures were caused by legal requirements, DDoS attacks by cybersecurity companies, or action by hosting companies and domain registrars. Given how simple it is to take down open sites, questions remain about the effectiveness of this extortion approach.
