Clop ransomware gang using torrents to leak victim data
The data was stolen in the MOVEit cyberattacks, and Clop had created torrents for twenty victims.
The Clop ransomware gang has changed its extortion tactics by using torrents to distribute and leak data stolen in the MOVEit cyberattacks. Security researcher Dominic Alvieri first spotted this tactic, noticing that the gang had created torrents for twenty victims to distribute data stolen in the MOVEit attack. Some of the victims include Aon, K and L Gates, Putnam, Delaware Life, Zurich, Brazil, and Heidelberg.
The ransomware gang may have switched to torrents because they use peer-to-peer transfer among different users, which makes transfer speeds faster than traditional Tor data leak sites and also makes it difficult for law enforcement to shut them down.
A test by BleepingComputer found that this method resolved Tor’s poor data transfer issues. Moreover, since the distribution method is decentralised, even if law enforcement takes the original sender offline, it remains difficult to shut down, since a new device can be used to seed the stolen data.
Coveware estimated that Clop is expected to earn $75-$100 million in extortion payments.
Why does it matter?
Using torrents to distribute data stolen in a cyberattack is a new tactic. Should it prove successful, other cybercriminal groups may adopt it as well. Additionally, the cyberattacks themselves are significant, as they have again highlighted that supply chain security is a major concern for industries and the public sector.