Satellite Providers


The Clop Ransomware Gang Uses Torrents to Leak Stolen Data from MOVEit Attacks

The Clop ransomware gang has changed its tactics and is now using torrents to leak data that was stolen in MOVEit attacks. The gang started launching data-theft attacks on May 27th, exploiting a zero-day vulnerability in the MOVEit Transfer secure file transfer platform. Nearly 600 organizations worldwide were affected by the attacks before they knew they had been hacked.

On June 14th, the ransomware gang started extorting the victims by gradually adding their names to a Tor data leak site and eventually releasing the stolen files publicly. However, leaking data through a Tor site is slow and not as damaging as it could be if the data were more accessible.

To address this issue, Clop created clearweb sites to leak stolen data from some of the MOVEit data theft victims. These domains are easier to take down, so they provide only a temporary solution.

In a new approach, Clop has now turned to torrents to distribute the stolen data from the MOVEit attack. Security researcher Dominic Alvieri discovered this change and found that torrents have been created for twenty victims, including Aon, K & L Gates, Putnam, Delaware Life, Zurich Brazil, and Heidelberg.

Torrents offer faster transfer speeds compared to traditional Tor leak sites because they use peer-to-peer transfer among different users. BleepingComputer conducted a test and achieved data transfer speeds of 5.4 Mbps, even with only one IP address seeding the data from Russia.

Moreover, torrents are decentralized, making it difficult for law enforcement to shut them down. Even if the original seeder is taken offline, a new device can be used to continue seeding the stolen data.

If this method proves successful, Clop is likely to continue using torrents for data leaks because they are easier to set up and allow for broader distribution of stolen data. Coveware estimates that Clop could earn between -0 million in extortion payments. Although the number of victims paying the ransom is small, the threat actors have managed to secure large ransom demands from a few companies.

Whether the use of torrents will lead to more payments is uncertain. However, with their current earnings, it may not matter to the Clop ransomware gang.

The post The Clop Ransomware Gang Uses Torrents to Leak Stolen Data from MOVEit Attacks appeared first on satProviders.
