Cl0p Ransomware Group Blames Software Company and Leaks Data

• The Cl0p ransomware group releases exfiltrated data allegedly from Velocitor Solutions. 
• The targeted company is based in North Carolina and offers cloud-based solutions, among other services.
• Cl0p rants about the negligence of the targeted company in terms of protecting its clients' data and leaks data online. 

A software solutions company based in North Carolina, United States, was named as a victim of a ransomware attack by the Cl0p group. The dark web portal of Cl0p made a rant about the negligence in coughing a ransom by Velocitor Solutions and released all its data. 

The cloud-based enterprise solutions company has not released any public statement so far about a possible security breach at Velocitor Solutions. 

The dark web portal of the Cl0p ransomware group gave a glimpse of the alleged security incident related to Velocitor Solutions. A screenshot of the same was tweeted by HackManac, which maintains a repository of cyberattacks and other threat intelligence. 

Cl0p wrote, “The company doesn’t care about its customers. It ignored their security!” They also posted links to download all the exfiltrated data for free allegedly from the servers of VelSol.

While a ransom payment remains under severe criticism and strong opinion among the target, law enforcement agencies have been asking not to pay and encourage further exploitation.  

A joint Cybersecurity Advisory (CSA) released by the official website of the US government’s Cybersecurity & Infrastructure Security Agency (CISA) mentioned how Cl0p attacks and maintains a persistent stay in the hosting network.    

The ransomware group remains rather calm until they find entry into a system by exploiting a software vulnerability and extorting a series of victims with just one zero-day find at a time. For instance, when they found access to Accellion File Transfer Appliance (FTA) in 2020 and Forta/ GoAnywhere MFT in 2023.  

A file transfer facility makes for a lucrative victim, for it hosts several high-profile clients that transfer confidential, large, or routine files using its services. Maintaining their presence in a file transfer service, Cl0p makes a note of all the client credentials, files, and data and their clients and data until they have enough material to go on an extortion spree. 

While some make a public disclosure of being attacked, others remain mum for fear of losing their standing and loyalty among customers. 

This malicious chain targeting file transferring services ensnared MOVEit file transfer and its clients in its trap for over a year around 2023. Thousands of companies using MOVEit got caught in data leak incidents, exposing the personal and professional data of millions, including students.