Clop Ransomware Applies Leverage from Customers to Convince Victims to Pay
The Threat Actor Has Taken It a Step Further and Directly Contacted Victims’ Customers Found in Files Stolen During the Ransomware Attack.
Clop ransomware is now applying maximum pressure on victims by emailing their customers and asking them to demand a ransom payment to protect their privacy.
After the Clop gang breached jet manufacturer Bombardier in an Accellion attack, they leaked pieces of sensitive information on their ransomware data leak site. Later that week, the threat actors began emailing journalists to let them know that further data would be published.
Stealing unencrypted data before encrypting a victim’s network is a very common tactic used by the ransomware gang. This data is then used in a double-extortion tactic where they threaten to release the information if a ransom is not paid.
However, the group recently started to approach victims’ C-level executives directly and turn their focus to the public as well. The tactic first started with Flagstar Bank customers and then with people exposed in the Universities of Miami and Colorado Accellion hacks.
New Extortion Tactics
As reported by Lawrence Abrams, Clop has claimed a breach involving a major maternity clothing retailer. The hackers used the data stolen in the attack to contact customers via email and urge them to make the company pay.
The emails say that the recipient is being contacted as they are a customer of the store, and their personal data, including phone numbers, email addresses, and financial information, will soon be leaked on a Dark Web site if the store does not pay the ransom.
Clop then urges customers to “Call or write to this store and ask to protect your privacy!!!!”
What the email conveniently fails to mention, however, is that the hackers responsible for the breach are, in fact, the sender(s) of this message. What’s more, the “privacy protection” they’re urging people to seek is a ransom payment from a hacking victim.
Unfortunately, Clop is not the only threat actor who applies maximum pressure on victims to get them to pay ransoms.
Earlier this month, REvil ransomware operators threatened to cold-call victims, inform them that their systems had been hit by ransomware, and request a ransom to resolve the situation.
These ransomware gangs are probably assuming that warning customers that their data may have been exposed in a cyberattack will create further pressure for the impacted company to pay.
Don’t Be an Accessory to Cyber Extortion
Regrettably, whether a ransom is paid or not, there is no guarantee that ransomware gangs delete the data as they promise.
There’s plenty of evidence that ransomware gangs will launch future attacks against victims who have shown a willingness to pay. Also, victims need to take into consideration the fact that the stolen data may very well have been sold to or shared with other cybercriminal groups, and there’s just no convincing reason to give in to hackers’ demands.