Malware News The Week in Ransomware - March 17th 2023 - Shifting to data extortion


Level 68
Thread author
Honorary Member
Top Poster
Content Creator
Apr 24, 2016
The fallout from the Clop ransomware attacks on GoAnywhere platforms has become apparent this week, with the threat actors starting to extort victims on their data leak site and companies confirming breaches.

These attacks were claimed by the Clop threat actors, a ransomware gang that historically encrypted devices and stole data to extort victims into paying a ransom. However, more recently, they have been focusing on data extortion instead of encrypting.

Clop had previously claimed to have breached and stolen data from 130 organizations over ten days using the GoAnywhere vulnerabilities.

This week, BleepingComputer was told that Clop had begun extorting victims, emailing ransom demands, and creating profiles for many victims on their data leak site. At this time, it is not known how much the threat actors are demanding not to publish data.

This has led to numerous data breach disclosures from companies, including Community Health Systems (CHS), Hatch Bank, Rubrik, and Hitachi Energy, with likely many more to come.

In addition to the Clop attacks, we learned more about various ransomware attacks, including those on Essendant and the LA housing authority.

The other significant news this week that will affect ransomware and other cybercrime is the seizure of the ChipMixer platform, used by cybercriminals to launder ransom payments, stolen cryptocurrency, and revenue generated on dark web markets.

Finally, some interesting reports were released on Trigona, LockBit 3.0, CatB, BianLian's shift to pure data extortion, and more!

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.