Clop extortion gang gives MOVEit exploit victims one week to reach out

The threat group behind the Clop ransomware took credit for the recent attacks exploiting a zero-day SQL injection vulnerability in a popular web-based managed file transfer (MFT) tool called MOVEit Transfer. In a message posted on its data leak site, the gang instructs victims to contact them and negotiate a payment until June 14 or see their data leaked publicly.

The message, which was modified several times, including to extend the deadline from June 12 to June 14, tells organizations that after initial contact over email they will receive a unique link to a real-time chat over the Tor network where they will be given a price for the secure deletion of their stolen data and can ask for a small number of random files as verification. If no agreement is reached in seven days, the attackers threaten to start publishing the data.

To read this article in full, please click here