Clop: new increase in criminal activity on the dark web

There has been an increase in blackmail activity from the Clop group, a well-known cybercriminal collective identified as a major perpetrator of recent cyber extortion attacks targeting corporate servers. In a significant change of strategy, Clop began posting the stolen data not only on the darknet, but also on clearweb sites, complicating the companies' security measures.

Alleged infiltration of MOVEit

Clop's recent operations have included an ostensibly targeted assault on Ipswitch's MOVEit system. Considered a loudspeaker for the secure exchange of sensitive data between servers, MOVEit is an ambitious move for any criminal collective. However, this isn't the first time Clop has targeted the MOVEit system, highlighting the group's sophisticated infiltration capability.

Modus operandi of Clop and its ramifications

The Clop group has perfectly represented the "double extortion" phenomenon in its activity, where the victims of the attack are blackmailed twice. Initially, the culprits demand a ransom for data decryption, then threaten to reveal the stolen information if payment is not made. This modus operandi puts businesses under double pressure: losing access to their data and facing a potential privacy breach.

Tips for preventing cyber attacks

To prevent attacks such as those carried out by Clop, it is essential to ensure effective procedures for data security. We recommend that you implement regular password rotation, employ multi-layered defense techniques, and use strong encryption tools. Staff training on spear phishing threats and incident response planning can also provide an additional layer of defense. In an increasingly interconnected world, businesses need to be more proactive than ever to protect their valuable data.