Pressuring its victims further, the Clop ransomware group has set up clearnet websites for dumping the data stolen in the MOVEit Transfer supply chain attack.
Starting with PWC, the gang listed a handful of other victims on dedicated sites – with download links open to the general public. All of these sites have now been taken down for unknown reasons.
Data Leaks on Clearnet
Extortion by ransomware gangs has gone to new levels lately, with threat actors setting up clearnet websites to publicly leak stolen data and further shame their victims. This trend was started by ALPHV ransomware last year and is now being followed by the Clop gang.
As noted by a security researcher (via BleepingComputer), Clop ransomware has set up a data leak site on the surface web for PWC – a business consulting firm that’s a victim of Clop ransomware in the MOVEit Transfer supply chain attack. Days later, similar websites were set up for other victims like Aon, EY (Ernst & Young), Kirkland and TD Ameritrade.
All these clearnet sites have direct download links to the stolen data, making the dump available to anyone on the web. Though this expands the reach of the stolen data, it also makes it easier for those watching the surface web to restrict it firmly and quickly.
And this is exactly why ransomware actors often set up their data leak sites on Tor – it offers the right security and privacy for the threat actor, making it harder for law enforcement agencies to take the sites down.
Yet they sometimes move onto the surface web to expand their extortion reach, and since such clearnet sites are hosted on the surface internet, they’re likely to be indexed by search engines.
At the time of writing, all the clearnet sites established by Clop ransomware for leaking data had been removed. While the reason for this is still unknown, it shows that setting up a clearnet website is not worth the effort, after all.