The Clop ransomware group have been very active over the past couple of months, stealing personal information through attacks exploiting a critical vulnerability in the MOVEit file transfer software, and have recently changed how they distribute this stolen data.
Researchers have discovered that recent Clop leaks have been released on peer-to-peer file sharing websites in the form of torrents. This move by Clop is likely a result of slow download times when trying to access stolen data on their leak website. These slow downloads erode the data's value: the older the leaked information is, the less useful it is for attackers.
Clop have created tutorials on how to use torrent clients and access their leaks, alongside publishing the data of 20 organisations. Previously, Clop experimented with open source websites dedicated to each leak; however, they have not attempted to replicate this for some time now.
By using peer-to-peer torrents, download speeds have been significantly increased, with researchers able to get speeds of 5.2mbs from just one seeder using a Russian IP address. Running torrents will not only be easier for Clop, as they no longer have to worry as much about protecting their leak website, but will also apply more pressure to attacked businesses: companies will have less time to react once data is leaked, and their data is more likely to spread across a wider distribution network.
If you have concerns about your business possibly being vulnerable to ransomware, you can follow the NCSC guides on protecting your business from ransomware here: A guide to ransomware - NCSC.GOV.UK
Report all fraud and cybercrime to Action Fraud by calling 0300 123 2040 or online: https://www.actionfraud.police.uk/. Forward suspicious emails to email@example.com. Report SMS scams by forwarding the original message to 7726.