The fallout from the Clop ransomware attacks on GoAnywhere platforms has become apparent this week, with the threat actors starting to extort victims on their data leak site and companies confirming breaches.
These attacks were claimed by the Clop threat actors, a ransomware gang that historically encrypted devices and stole data to extort victims into paying a ransom. However, more recently, they have been focusing on data extortion instead of encrypting.
Clop had previously claimed to have breached and stolen data from 130 organizations over ten days using the GoAnywhere vulnerabilities.
This week, BleepingComputer was told that
Clop had begun extorting victims, emailing ransom demands, and creating profiles for many victims on their data leak site. At this time, it is not known how much the threat actors are demanding not to publish data.
This has led to numerous data breach disclosures from companies, including
Community Health Systems (CHS),
Hatch Bank,
Rubrik, and
Hitachi Energy, with likely many more to come.
In addition to the Clop attacks, we learned more about various ransomware attacks, including those on
Essendant and the
LA housing authority.
The other significant news this week that will affect ransomware and other cybercrime is the
seizure of the ChipMixer platform, used by cybercriminals to launder ransom payments, stolen cryptocurrency, and revenue generated on dark web markets.
Finally, some interesting reports were released on
Trigona,
LockBit 3.0,
CatB, BianLian's shift to
pure data extortion, and more!
