Clop Gang Offers Data Downloads Via Torrents

The Clop ransomware group has begun offering access to data stolen in MOVEit attacks via torrents, it has emerged.

Security researcher Dominic Alvieri revealed the news on Twitter, with screenshots showing several big-name victims whose data is being made available via P2P sharing.

Among the corporate names on that list were investment firm Putnam, Iron Bow Technologies and insurance company Delaware Life. Management consultancy Aon, Zurich Brazil and United Healthcare Student Resources were also featured.

The move by Clop is likely due to the fact that large data dumps can be slow to download, eroding the value threat actors get by sharing them on leak sites.

The group included handy instructions on how to use torrent clients, alongside data on roughly 20 compromised organizations.

This isn’t the first time Clop has experimented with new ways to make its stolen data more accessible. The group previously created surface web sites dedicated to specific breached organizations like PwC.

Read more on Clop: Critical Zero-Day Flaw Exploited in MOVEit Transfer

Ransomware groups are constantly innovating to improve their reputation and monetization of attacks. Another area of interest is notification of the victims themselves.

One group recently hijacked the mass alert system of a Virginian university to pressure staff and students to lobby the institution’s administrators to pay.

Clop managed to compromise hundreds of victims after exploiting a zero-day bug in the MOVEit managed file transfer software.

Millions of end users have been impacted. Most recently, Virginian government contractor Maximum admitted that between eight and 11 million individuals may have had their personal information compromised via the campaign.