Clop ransomware operators yesterday announced more victims of their attacks. Among them are top American universities such as Stanford, the University of California, and Yeshiva University in New York. The three appear on the list of organizations whose data and documents are being published on the dark web by the cybercriminals.
The publication was apparently made yesterday afternoon on the website that Clop operators maintain on the dark web, where material from other universities, such as Florida, Maryland and Colorado, is already being dumped. From Stanford University alone, four zipped files totalling approximately 15 GB were published. Clop is currently one of the most active ransomware families, with large companies such as Shell, Bombardier and Pentair among its victims.
Clop is actually a variant of another ransomware, CryptoMix, and its name comes from Russian or Bulgarian, meaning “bug”. It is recognized as an evolving strain and was initially distributed by an APT group called TA505, which has been operating since 2014. This group has evolved its attack tactics, delivering the Clop ransomware as the final payload on as many systems as possible in order to pressure victims to pay the ransom: the data of victims who do not pay is published on Clop's leak website on the dark web.
A Clop attack proceeds in several stages: before the ransomware itself, two payloads are deployed that allow the attackers to move laterally within the compromised network and then download and deploy the ransomware.
With international news agencies
See the original post at: https://www.cisoadvisor.com.br/universidade-de-stanford-entra-na-lista-de-vitimas-do-ransomware-clop/?rand=59039