"Clop Ransomware Now Uses Torrents to Leak Data and Evade Takedowns"
The Clop ransomware gang has modified its extortion tactics, now using torrents to distribute data stolen in MOVEit attacks. The group launched a wave of data theft attacks beginning on May 27, exploiting a zero-day vulnerability in the MOVEit Transfer secure file transfer platform. The threat actors stole data from nearly 600 organizations by exploiting this zero-day vulnerability. On June 14, the ransomware gang began extorting its victims, gradually adding their names to their Tor data leak site and eventually releasing the files to the public. However, leaking data through a Tor site has drawbacks, as the slow download speed makes the leak, in some cases, less damaging than it could be if the data was easier to access. To overcome this, Clop created clearweb sites to leak stolen data for some MOVEit data theft victims, but these domains are easier for law enforcement and businesses to shut down. Therefore, Clop has begun leaking stolen data via torrents as a new remedy to these issues. This article continues to discuss the Clop ransomware gang moving to torrents.
Bleeping Computer reports "Clop Ransomware Now Uses Torrents to Leak Data and Evade Takedowns"