Clop Ransomware Also Follows the Trend - Leaks Data After Failed Ransom Attempt

What happened

• On March 13, 2020, ExecuPharm experienced a data security incident, in which hackers accessed the company servers, and encrypted 163 GB of data, asking for a hefty ransom in exchange for decryption keys.
• In April 2020, after a failed negotiation followed by a non-payment of ransom, Clop ransomware operators leaked a huge chunk of data, including thousands of emails, database backups, accounting, and financial records, and other user documents, onto a site on the dark web.

Clop’s other connections

• In March 2020, Clop operators showed their intentions of following the trend of exposing the data stolen by them. The operators launched a leak site called "CL0P^_- LEAKS" hosted on dark web, which they are now using to publish stolen data for non-paying victims.
• In late March 2020, Clop ransomware was used to breach the UK-based Logistics Company, EV Cargo Logistics, whose data was leaked online on the leaks website after no ransom was paid.
• In December 2019, Clop ransomware was used to target Maastricht University's Windows servers, and the attackers demanded a payment of 30 BTC in ransom. In February 2020, when the complete payment was made, the TA505 group that operated the Clop ransomware had provided the decryption key, which allowed the university to restore access to their systems.
• In November 2019, Clop ransomware was found attempting to disable Windows Defender as well as removing the Microsoft Security Essentials and Malwarebytes' standalone anti-ransomware programs from the targeted systems, in order to avoid detection while encrypting user data.

Staying protected