Date: 2025-01-16

Ransomware, Supply chain, Data Security

Dozens of Cleo victims’ data threatened to be exposed by Clop ransomware


The Clop ransomware gang has threatened to expose the data of 59 organizations claimed to have been impacted by intrusions exploiting vulnerable Cleo file transfer platform instances unless they enter ransom payment discussions by Friday, reports Cybernews.

Besides threatening to leak the stolen data by Saturday, Clop also warned that it would reveal additional companies affected by the attacks on Tuesday, indicating that the toll of the Cleo compromise, which Clop claims includes Blue Yonder, Hertz, Chicago Public Schools, Western Alliance Bank, and Nissin Foods, may have been higher than initially reported. Attacks exploiting the now-patched pair of Cleo zero-day flaws to facilitate the deployment of several backdoors commenced in October, according to a previous report from Mandiant, which initially noted the absence of mass data exfiltration. Clop's targeting of Cleo instances comes after it attacked vulnerable MOVEit and Fortra GoAnywhere FTP instances, resulting in the breaches of more than 2,600 and nearly 130 organizations, respectively.
