Clop ransomware operators were seen leaking stolen data publicly on the internet, after a failed ransom negotiation with the the targeted company.

What happened

Clop ransomware leaked files stolen from US pharmaceutical company ExecuPharm.

  • On March 13, 2020, ExecuPharm experienced a data security incident, in which hackers accessed the company servers, and encrypted 163 GB of data, asking for a hefty ransom in exchange for decryption keys.
  • In April 2020, after a failed negotiation followed by a non-payment of ransom, Clop ransomware operators leaked a huge chunk of data, including thousands of emails, database backups, accounting, and financial records, and other user documents, onto a site on the dark web.

Clop’s other connections

Clop ransomware gained notoreity over the past few months due to several notable incidents.

  • In March 2020, Clop operators showed their intentions of following the trend of exposing the data stolen by them. The operators launched a leak site called "CL0P^_- LEAKS" hosted on dark web, which they are now using to publish stolen data for non-paying victims.
  • In late March 2020, Clop ransomware was used to breach the UK-based Logistics Company, EV Cargo Logistics, whose data was leaked online on the leaks website after no ransom was paid.
  • In December 2019, Clop ransomware was used to target Maastricht University's Windows servers, and the attackers demanded a payment of 30 BTC in ransom. In February 2020, when the complete payment was made, the TA505 group that operated the Clop ransomware had provided the decryption key, which allowed the university to restore access to their systems.
  • In November 2019, Clop ransomware was found attempting to disable Windows Defender as well as removing the Microsoft Security Essentials and Malwarebytes' standalone anti-ransomware programs from the targeted systems, in order to avoid detection while encrypting user data.

Staying protected

To reduce the risk of attacks by ransomware like Clop, users should always trust only genuine vendor websites, and avoid downloading software from third-party websites or P2P networks. It is also advisable to avoid opening emails from unknown senders, especially those containing attachments.

Cyware Publisher