The untold history of today’s Russian-speaking hackers


Clop, a Russian-speaking hacking group specialising in ransomware, has its own website. Yes, this is a thing — criminals openly encouraging their victims to negotiate a ransom for the return of their data as though it were a legitimate commercial deal.

Using language that is both business-like and chilling, it urges users to open a dialogue, stating they have a three-day window to discuss price. It promises that the Clop team will provide some specimen files they have encrypted “as proof we are not lying”. Failure to comply means all the stolen data will be published.

As with other ransomware groups, Clop’s webpage is only accessible on the dark web via Tor (“The Onion Router”). If that sounds challenging, these days a seven-year-old would be able to access it for you in a couple of minutes. The homepage includes an indignant rant at the BBC for allegedly misreporting Clop’s activities. It finishes with an exhortation to the mainstream media: “Stop creating propaganda by crafting interesting stories. Only story is we want money for our work. If we have your business files you have to pay. Speak and be reasonable and we shake on agreement.” 

According to Mikko Hypponen, chief research officer at WithSecure in Helsinki and one of the most celebrated hunters of Russian cyber gangs, Clop “is a Russian-speaking crime group operating out of Russia and Ukraine”. Hypponen notes that since Russia’s invasion of Ukraine, the number of ransomware attacks against companies and institutions in Europe and the US that emanate from Ukraine has dropped, while those launched from inside Russia have increased.


It’s been a busy few months for Clop. In June, the group announced that it had found a vulnerability in a software product called MOVEit. This file-transfer software in turn allowed the hackers from Clop access to the digital payroll provider Zellis.

Although Boots, British Airways and the BBC were reported by the BBC itself to be among the hundreds of companies that fell victim to the massive ransomware attack that month, Clop denied harvesting data from them — hence the acrimonious exchanges with the broadcaster. Zellis issued a press release, admitting that…
