Ransomware

Dozens of Cleo hack victims extorted by Clop ransomware


The Clop ransomware gang has warned sixty-six organizations purportedly compromised in attacks exploiting a zero-day vulnerability impacting various Cleo managed file transfer platforms that their names will be publicly disclosed should they refuse to engage in ransom payment negotiations within 48 hours after Christmas Eve, BleepingComputer reports.

More companies are expected to have been breached as a result of the attacks, as the figure noted by Clop reflects the number of firms that have not yet responded to its private communications, which include a link to a secure chat channel for negotiations.

Some of the organizations impacted by Clop could also be determined by verifying the threat group's clues and the owners of publicly exposed Cleo servers, according to Macnica researcher Yutaka Sejiyama.

The development continues Clop ransomware's targeting of vulnerable MFTs; the group previously compromised organizations in intrusions exploiting MOVEit, Fortra GoAnywhere, and Accellion FTA zero-days.
