In the wake of a hack that has seen tens of millions of people affected and more than 400 organisations impacted, it’s likely the perpetrator could earn up to US$100 million for its trouble.
The Clop ransomware gang – variously written as Cl0p, CloP, and any number of other variants – claimed responsibility for exploiting a zero-day vulnerability in popular file transfer software MOVEit Transfer in early June 2023. Since then, the number of organisations affected by the hack has grown nearly every day.
The 431 organisations currently affected include Australian victims Medibank, PwC Australia, and Fortescue, with many other businesses and government agencies around the world on the growing list of victims.
By taking advantage of a single exploit, Clop has exfiltrated the data of multiple victims – and has changed its extortion tactics to suit. Rather than encrypting and exfiltrating data, Clop has skipped the encryption stage and has simply threatened to publish data instead. This kind of tactic is generally considered to have a less successful outcome, as the data is still in place on the victim’s network, leading to less operational disruption and a lower chance of receiving payment.
However, according to a report by extortion response firm Coveware, Clop has instead doubled down, demanding higher-than-normal ransoms from its victims. And while fewer victims are apparently paying up, those who do pay are paying through the nose to keep their data off the darknet.
In fact, in some recent cases, Clop has been seen posting its stolen data on the clear web, where even more people can find it, according to security researcher Dominic Alvieri.
With so many victims – Coveware believes the final list could reach more than 1,000 organisations – if even just a small number of organisations pay up, Clop makes out like the literal bandit, despite such extortion tactics generally seeing less success quarter on quarter since early 2022.
“While the MOVEit campaign may end up impacting over 1,000 companies directly, and an order of magnitude more indirectly, a very, very small percentage of victims bothered trying to negotiate, let alone contemplated paying,” Coveware said in a blog post. “Those that did pay, paid substantially more than prior Clop campaigns, and several times more than the global average ransom amount of $740,144 (+126 per cent from Q1 2023).”
“It is likely that the Clop group may earn $75–100 million dollars just from the MOVEit campaign, with that sum coming from just a small handful of victims that succumbed to very high ransom payments,” Coveware said. “This is a dangerous and staggering sum of money for one, relatively small group to possess.”
By way of comparison, Coveware points out that Clop could well end up in possession of more funds than there are in Canada’s annual offensive security budget.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.