Dozens of Cleo victims’ data threatened to be exposed by Clop ransomware

Fifty-nine organizations claimed to have been impacted by intrusions involving the exploitation of vulnerable Cleo file transfer platform instances were threatened by the Clop ransomware gang to have their data exposed should they fail to enter ransom payment discussions by Friday, reports Cybernews.

Aside from leaking stolen data by Saturday, Clop also warned of revealing additional companies affected by the attacks on Tuesday, indicating that the toll of the Cleo compromise — which Clop claims to include Blue Yonder, Hertz, Chicago Public Schools, Western Alliance Bank, and Nissin Foods — may have been higher than initially reported. Attacks exploiting the now-patched pair of Cleo zero-day flaws to facilitate the deployment of several backdoors commenced in October, according to a previous report from Mandiant, which initially noted the absence of mass data exfiltration. Clop's targeting of Cleo instances comes after it had attacked vulnerable MOVEit and Fortra GoAnywhere FTP instances, resulting in the breaches of more than 2,600 and nearly 130 organizations, respectively.