Hacking Group Clop Adds to Growing List of Victims


A hacking group known as Clop reportedly continues to steal sensitive data from companies around the world.

The group — taking its name from the Russian word for “bedbugs” — says it has hacked companies that included the capital management firm Putnam Investments and German manufacturer Heidelberg, the Financial Times (FT) reported Thursday (June 15).

According to the report, Clop is demanding a ransom from the companies that could come to several million dollars. If the companies don’t pay, the group is threatening to release their sensitive information.

“This is a pretty nasty, and pretty big, incident,” Ciaran Martin, chair of CyberCX UK, told the FT. “These companies in good faith were using a service that they trusted.”

That service was the file transfer product, MOVEit, developed by Progress Software Corp. Late last month, Progress announced a vulnerability in the tool, and warned it could possibly lead to unapproved access into users’ systems.

Since then, a number of organizations have reported being hacked, including British Airways, the BBC and Walgreens-owned Boots.

Clop is believed to be behind billions of dollars in cyber-attacks, as PYMNTS has previously reported. The FT report notes that investors have commented on the group’s patience and expertise in carrying out ransomware attacks.

“They have a level of operational acumen that is uncommon,” said Jeremy Kennelly, who studies financial crimes at Google-owned security firm Mandiant.

He added that Clop’s movements suggest the group has a grasp on how and where companies store their valuable data.

As PYMNTS reported earlier this year, analysis from blockchain analytics company Chainalysis shows that fewer victims of ransomware are paying out.

In a report published in January, the firm said that ransomware attackers extorted at least $456.8 million from victims in 2022, compared to $765.6 million in 2021.

And while Chainalysis did acknowledge that the actual figure will likely be much higher than its data indicates, the general trend is clear: ransomware payments are dropping. In fact, the findings indicate that in 2022 after several years of decline, just 41% of ransomware victims paid out, versus 76% in 2019.

Meanwhile, recent research conducted by PYMNTS and Nium shows that cyber and data security are at the top of the list of concerns of companies that manage international workers.

That study — “Meeting the Demand for Cross-Border Hiring: Challenges in International Workforce Payment and Management” — found that 39% of organizations cite data and cybersecurity as a friction point.