Have the Cl0p cybercriminals made the digital heist of the century with their campaign against the users of the secure transfer software MOVEit? For the specialist in Coveware negotiations, the answer is unfortunately yes. In a recent article, the company estimates that the criminal group should probably succeed in extorting between 75 and 100 million dollars with this attack.
A “dangerous and staggering” sum, higher than the Canadian annual budget devoted to offensive actions, of about $ 53 million, observes the company. As a reminder, these cybercriminals exploited an unknown vulnerability, an SQL injection that allowed them to steal documents exchanged via MOVEit. Before then making a thundering claim to piracy.
Very high ransoms
To arrive at these figures, Coveware crossed the number of victims and the likely ransoms. According to the company, the Lc0p campaign should thus reach about a thousand victims directly. The figure has been revised up with the many indirect victims. At the last count, more than 455 victim organizations – including a handful of French companies – have already been identified.
But if a small percentage of victims should agree to pay the ransom demanded, these are expected to be very high. The cybercriminals of Cl0p mocked, for example, a proposal to pay $ 4 million from one of their victims, a high sum that they considered too low. This figure can be compared to the average amount of ransoms paid observed by Coveware, estimated at $ 740,000 in the second quarter of 2023, an increase of 126% compared to the first quarter.
To support its lucrative extortion requests, Cl0p has also just launched websites dedicated to data leaks, organization by organization. These portals accessible to everyone soberly reference series of links to the stolen data to download. As Bleeping computer notes, Cl0p is thus inspired by Alphv / BlackCat, which had already done this last year. This way of doing things allows cybercriminals to increase the exposure of their leak.
The data leak is therefore no longer limited to Internet users who know how to install the Tor browser and find the en address.onion, the privileged space by ransomware cybercriminals. Except that unlike the latter sites, which are harder to reach by fonts, websites have a limited lifespan. This is evidenced by the very fast offline of the first pages published by Cl0p. But even if this experiment is a bit failed – the slow speed of the clearweb sites has been mocked by Internet users -, the cybercriminals of Cl0p can obviously afford failures given the mass of data they have amassed.