ZeroFox Intelligence Flash Report - Clop Ransomware Collective Targets New Victims Across Multiple Sectors

Product Serial: F-2023-06-15b

TLP:CLEAR

In this flash report, ZeroFox researchers provide updates on recent developments with the Clop ransomware collective, including multiple updates to its shame site.

Standing Intelligence Requirements

Deep Dark Web and Criminal Underground DDW

For the most up-to-date list of ZeroFox’s Intelligence Requirements, please visit:

https://cloud.zerofox.com/intelligence/advisories/14956

Link to Download View the full report here

Key Findings

Subscribe to ZeroFox Advanced Dark Web Intelligence for updates on new ransomware targets.
Utilize the ZeroFox Platform’s Intelligence Search interface to investigate Indicators of Compromise and metadata related to Ransomware.
Reset service account credentials for affected systems and MOVEit Service Accounts.
Patch MOVEit Transfer versions: 2021.0.x, 2021.1.x, 2022.0.x, 2022.1.x, and 2023.0.0.
Users are advised to upgrade to versions 2021.0.6, 2021.1.4, 2022.0.4, 2022.1.5, and 2023.0.1.
Disable all HTTP and HTTPs traffic to your MOVEit Transfer environment.
Confirm files have been successfully deleted and no unauthorized accounts remain.