The notorious Clop ransomware gang, responsible for the recent MOVEit attacks, has intensified its efforts to coerce victims into paying ransoms. A cybersecurity analyst and security researcher, Dominic Alvieri, recently discovered that the Russian ransomware group had created a clearnet domain specifically for distributing stolen data from one of its targets, global professional services giant Ernst & Young (EY).
Alvieri revealed the clearnet domain on July 22, sharing a screenshot of the website on Twitter. While he promptly notified EY about the breach via tweets and direct messages, it remains unclear whether the company has responded to the threat.
Clop Targets Additional Firms
In addition to EY, the Clop ransomware gang also targeted other high-profile firms, including business consulting firm PwC, Aon, Kirkland, and TD Ameritrade. The hackers typically host data leaks on the Tor network due to its enhanced anonymity and the difficulty enforcement agencies face in removing such pages. However, in a bold move, Clop is now threatening to leak the MOVEit breach data on the regular internet, hence Alvieri’s reference to the ‘dotcom’ domain.
Increased Risk of Takedown
Clearnet domains, being accessible through the standard internet, are more vulnerable to takedown efforts compared to hidden services on the Tor network. Consequently, Clop’s clearnet websites face a higher risk of removal, although it remains unclear whether enforcement agencies or hosting providers are responsible for these actions. Additionally, cybersecurity firms may have launched their own distributed denial-of-service (DDoS) attacks to protect the victims.
Potential Lucrative Gains for the Ransomware Group
According to Coveware, only a small fraction of Clop’s estimated 1,000 direct targets are likely to pay or have already paid the demanded ransoms. Nevertheless, the Russian ransomware group could still amass a staggering $75-100 million from the demands associated with the MOVEit breach alone.
As the Clop ransomware gang continues to escalate its threats and engage in high-stakes data leaks, businesses and organizations must remain vigilant in bolstering their cybersecurity measures to protect against such sophisticated attacks.