Cl0P Ransomware Strikes Again: Top Companies Under Siege


You might have heard about the notorious Cl0P ransomware gang making headlines recently. Well, they’re back at it, and this time they’ve set their sights on a few big names in the industry.

A Little Background

Let’s rewind a bit for those who might not be familiar with Cl0P. This ransomware first popped up in February 2019 as an offshoot of the CryptoMix ransomware variant. Its creators, also known as TA505, have been conducting large-scale spear-phishing campaigns, cleverly using verified and digitally signed binaries to sidestep system defenses.

Cl0P was initially known for its ‘double extortion’ strategy – it would not only encrypt victim data but also steal it. If the victims didn’t cough up the ransom, the data would be published on the Cl0P^_-LEAKS website on Tor. But recently, it seems Cl0P prefers to focus more on data exfiltration than encryption.

The Recent Spree

Fast forward to May 27, 2023, and Cl0P started exploiting a previously unknown SQL injection vulnerability (CVE-2023-34362) in Progress Software’s MOVEit Transfer. They used a web shell named LEMURLOOT to infect internet-facing MOVEit Transfer web applications and snatch data from the underlying databases.

This isn’t their first rodeo with managed file transfer software. Back in January 2023, they used a zero-day vulnerability (CVE-2023-0669) to target the GoAnywhere MFT platform. They claimed to have made off with data from around 130 victims in just 10 days. And now, they’re back to their old tricks with MOVEit Transfer.

The Latest Cl0P Victims


Now, let’s talk about who’s on the receiving end of these attacks. The victims include some pretty significant players in various sectors:

These companies were listed on the Cl0P ransomware group’s blog as the latest victims of the MOVEit vulnerability.

The Potential Impact of Data Leaks on the Targeted Companies

Now, let’s delve a little deeper into who these companies are and why a data leak could spell disaster for them.

Werum IT Solutions

Werum IT Solutions is a leading supplier of Manufacturing Execution Systems (MES) for the pharmaceutical and biopharmaceutical industries. They’re the brains behind some of the most critical software systems that ensure drugs are manufactured according to the necessary specifications. Imagine if their proprietary information or sensitive customer data were to fall into the wrong hands. It could not only damage their reputation but also potentially allow counterfeit drugs to flood the market.

Schneider Electric

Schneider Electric is a multinational corporation specializing in electrical equipment and energy management. They are responsible for vital infrastructure in many countries. Data leaks here could expose vulnerabilities in this infrastructure, potentially leading to power outages, industrial accidents, or worse. Not to mention the potential for industrial espionage.

Siemens Energy

Siemens Energy is another giant in the field of energy production and related services. A data breach here could reveal sensitive information about energy grids and power plants. The data could be exploited by malicious actors to disrupt power supply, causing chaos and economic damage. It could also provide valuable intellectual property to competitors.

UCLA

The University of California, Los Angeles (UCLA) is one of the most prestigious universities in the United States. A data leak here could expose personal information of students and staff, research data, financial information, and other confidential data. The implications range from identity theft to the potential compromise of groundbreaking research.

AbbVie

Last but not least, AbbVie is a pharmaceutical company known for its research and development in areas such as immunology, oncology, and neuroscience. Leaked data could reveal sensitive details about ongoing research, potentially allowing competitors to get ahead or even enabling the creation of counterfeit medications. Personal data about patients involved in trials could also be exposed, leading to privacy breaches.

In short, for all these companies, a data leak could lead to a loss of trust, reputational damage, regulatory fines, and a potential competitive disadvantage. It’s not just about the companies themselves – the ripple effects could affect us all in various ways.

Reza Rafati https://cyberwarzone.com

Reza Rafati, based in the Netherlands, is the founder of Cyberwarzone.com. An industry professional providing insightful commentary on infosec, cybercrime, cyberwar, and threat intelligence, Reza dedicates his work to bolster digital defenses and promote cyber awareness.
