Clop is back again, or are they?
By Dominic Alvieri
11/3/2023
Will the Real Clop Please Stand Up
The group behind the hack of the year is back, or are they? After taking an odd mid-hack of the year 6 week hiatus CL0P Ransomware is back posting companies on their leak site and full torrent leaks on their torrent leak site. Is this the real Clop?
The once cocky and sh*tposting Clop I thought I knew has changed dramatically. The only story is we want money for our work. Quick to call out the BBC in reference to a post now this Clop doesnt seem to know the difference between a leak via tor and a torrent.
On Saturday, November 4th Clop Ransomware posted an updated post on Sweet Lake Land and Oil Co publishing full files via torrent. Today on Sunday the 5th of November they have just changed the updated post reflecting the files published via tor. Again. Evidentially this Clop doesn't know the difference between a leak via tor and a torrent.
CL0P Ransomware has not published any torrents on their torrent leak since the last company published via torrent which was a healthcare related company late in October.
The Clop Ransomware torrent leak site was taken down on November 1st.
This is a heavily speculated comment but it is almost like the real operator was arrested on an unrelated charge and now trying to explain to a friend or relative how and what to post. Either that or Clop has been seized and I am ruining the attempted honeypot. Either or the two above speculative scenarios would explain the extreme tactical and functional errors taking place. Unless you think Clop had a slight change of heart and is kinder, gentler and a lot less technically capable.
I have sent CL0P an email for a response but to no avail. I do not believe this is the same Clop Ransomware currently posting. The next few weeks will tell if there is a new zero-day they are exploiting and too busy to know the difference between tor and a torrent or something else is going on.
Stay safe, online and off.
The Cyber Show
@AlvieriD
alvierid@infosec.exchange