Clop ransomware may have infected even more victims than previously thought

by DTM | Posted on

When the Clop ransomware gang first revealed it abused a flaw in GoAnwyhwere and stole data from 130 companies, not a lot of people believed them. Especially because at the time, the group only added details from one victim – Health Systems – to its data leak website.

However, as days go by, and Clop keeps on adding more and more victim companies to its website, it just might be that the group was telling the truth from the very start. That still doesn’t mean the number is correct.

The latest victim is the Canadian financing giant Investissement Quebec. Earlier this week, the company confirmed to TechCrunch that “some employee personal information” was taken by the group, after abusing the GoAnywhere vulnerability.

Dozens of victims

Before that, we’ve had dozens of companies added to the leak site, which later confirmed having been breached: Hitachy Energy, Hatch Bank, Rubrik, AvicXchange, Saks Fifth Avenue, Galderma, ITx Companies, Brightline, Emerald Expositions, MedMinder, Onex, the City of Toronto (allegedly, yet unconfirmed), Homewood Health, Guinness Partnership, Avidia Bank, Medex Healthcare, Cornerstone Home Lending, and Grupo Vanti, just being some of them.

Read more

 > Hitachi Energy confirms data breach after being hit by Clop ransomware

> Hatch Bank says 140,000 customers had data stolen after breach

> Here’s our rundown of the best endpoint protection

TechCrunch says that the group has so far added roughly half of the 130 companies allegedly affected. But that still doesn’t mean the data was stolen, or that it’s valid. Payment software startup AvidXchange, for example, told the media that even though it was listed on Clop’s website (as “coming soon”), it doesn’t store any data on Fortra.

Saks Fifth Avenue said the group only stole “mock data” – placeholder data used by different company departments for training and analysis. “The mock customer data does not include real customer or payment card information and is solely used to simulate customer orders for testing purposes,” said Saks spokesperson Nicola Schoenberg.

Even if the number ends up being smaller than what Clop originally stated, it will still most likely be a lot more than what everyone initially thought. 

Via: TechCrunch