Summary: Barracuda’s March Email Threat Radar report highlights a new campaign in which fraudsters impersonate the Clop ransomware group to extort payments from victims. The attackers send emails falsely claiming to be Clop and state that they have successfully exploited a vulnerability in Cleo, a company known for developing managed file transfer platforms such as Cleo Harmony, VLTrader, and LexiCom. According to the attackers, this exploitation allowed them to gain unauthorized access to the victim's network and exfiltrate sensitive data from its servers. Mirroring typical ransomware tactics, the fraudsters threaten to expose or leak the stolen data unless the victim pays an unspecified amount of money. This extortion strategy is designed to pressure victims into complying with the attackers' demands, relying on fear of reputational damage or data leaks.
Security Officer Comments: This development highlights a trend of fraudsters impersonating well-known ransomware groups to extort funds from victims. Recently, the FBI warned that actors are sending organizations physical letters in the mail pretending to be from the BianLian group. These letters are being sent via the United States Postal Service and claim to have compromised the recipient’s corporate network and stolen sensitive data that will be leaked online if the victim doesn’t pay a ransom.
The latest campaign follows a similar format but uses email as the communication channel. In the emails observed by Barracuda, the actors reference a media blog post reporting on how Clop had stolen data from 66 Cleo customers. Back in mid-December 2024, Clop exploited a zero-day vulnerability (CVE-2024-55956) in Cleo’s managed file transfer platforms to compromise and exfiltrate data from dozens of organizations. By citing this blog post and highlighting the exploitation of the Cleo vulnerability, the fraudsters aim to add credibility to their claims and make it appear as though the email genuinely comes from the Clop ransomware group.
Suggested Corrections:
Signs to look for
- Emails from the fake Clop are likely to reference media coverage about actual Clop ransomware attacks.
- If the email features elements such as a 48-hour payment deadline, links to a secure chat channel for ransom payment negotiations, and partial names of companies whose data was breached, then you are likely dealing with actual Clop ransomware, and you need to take immediate steps to mitigate the incident.
- If these elements are absent, you’re probably just being scammed.
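The "Signs to look for" above can be turned into a first-pass triage check for a mail security or SOC queue. The script below is an added example, not part of the Barracuda report or this bulletin; the regular expressions, the two-indicator threshold and the two sample messages are my own constructed assumptions.

```python
import re
from dataclasses import dataclass, field

# Indicators from the "Signs to look for" list. The patterns are approximations
# (assumption) aimed at English-language demand notes.
DEADLINE_RE = re.compile(r"\b48[\s-]*hours?\b", re.IGNORECASE)
CHAT_RE = re.compile(r"\b(secure|private|tor)\s+chat\b|\.onion\b", re.IGNORECASE)
# Partially masked victim names such as "Acm**": a capitalised stem plus asterisks.
PARTIAL_NAME_RE = re.compile(r"\b[A-Z][a-z]+\*{2,}")
MEDIA_RE = re.compile(r"\b(news|article|blog\s?post|magazine|report(ed|s)?)\b", re.IGNORECASE)

# The three elements the bulletin associates with a genuine Clop note.
OPERATIONAL = {"48h_deadline", "secure_chat_link", "partial_victim_names"}
LIKELY_GENUINE = "likely genuine Clop note: start incident response"
LIKELY_IMPERSONATION = "likely impersonation: handle as phishing/scam"

@dataclass
class Triage:
    indicators: list = field(default_factory=list)
    verdict: str = ""

def triage_extortion_email(body: str) -> Triage:
    """Score an extortion e-mail body against the bulletin's indicators."""
    found = []
    if DEADLINE_RE.search(body):
        found.append("48h_deadline")
    if CHAT_RE.search(body):
        found.append("secure_chat_link")
    if PARTIAL_NAME_RE.search(body):
        found.append("partial_victim_names")
    if MEDIA_RE.search(body):
        found.append("media_reference")
    # Threshold is an assumption: two or more operational elements tip the
    # verdict toward a real intrusion; a media reference alone does not.
    if len(OPERATIONAL & set(found)) >= 2:
        return Triage(found, LIKELY_GENUINE)
    return Triage(found, LIKELY_IMPERSONATION)

# Constructed sample messages, not real e-mails.
SCAM_EMAIL = ("We are Clop. We exploited the Cleo vulnerability, as the news already "
              "covers: https://example.invalid/clop-cleo-66 . We hold your sensitive "
              "data and will leak it unless you pay.")
GENUINE_STYLE_EMAIL = ("Your network was compromised via Cleo. You have 48 hours to contact "
                       "us in our secure chat: http://example.onion/negotiate. Already "
                       "published: Acm** Corp, Glob** Industries.")

if __name__ == "__main__":
    for label, mail in (("scam", SCAM_EMAIL), ("genuine-style", GENUINE_STYLE_EMAIL)):
        result = triage_extortion_email(mail)
        print(f"{label}: {result.indicators} -> {result.verdict}")
```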
Link(s): https://www.infosecurity-magazine.com/news/fraudsters-clop-ransomware-extort/