Clop ransomware gang dumps all its MOVEit data online

The operators behind the MOVEit file-sharing hack have made good on a promise to publish all of its remaining data online.

The Clop ransomware gang announced its intention to publish on 10 August and then followed through shortly after on 15 August.

“Now we post many company name and proof we have their secrets and data,” the gang said in a post on its darknet leak site. “Some company do not speed [sic] to us and decide to stay quiet. We are very reasonable operators and when right situation we offer deep discount to block you data from being sold and publish.”

“Advice you to contact us and begin discussion on how to block publicate of data. On 15 August we start publishing of every company on list that do not contact. You data is going to publishing on clearweb and Tor and for large company we also create clearweb URL to help google index you data. Also all data go on torrent and speed of download is very quick. YOU NOT HIDING MORE.”

Clop recently made some changes to its posting tactics, switching from posting its data drops on its darknet leak site – which was often not capable of keeping up with the sheer volume of data the gang had on its hands – to posting on the clear web and using torrents to share the data.

While clear web sites are easier to take down, once the files start to be torrented, they’ll be available in a distributed manner, making it harder for authorities to disrupt.

According to security company KonBriefing Research, the MOVEit hack has affected 693 organisations, impacting a total of more than 42 million individuals.

On Clop’s darknet site, the gang describes itself as a financially motivated penetration testing service.

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.