The Clop ransomware gang is now increasingly leaking corporate data using torrents. Instead of spreading via a slow Tor link, the hackers are using torrents, which provide faster downloads even with few seeds.
So far, there are twenty victims whose corporate data Clop leaked via torrents. They include Netherlands-based Landal GreenParks and the international consulting firm Aon. BleepingComputer conducted a speed test and found that one could torrent with the data at 5.4 Mbps despite only 1 IP address in Russia being seeded.
Hard to trace
For the Clop gang, torrent distribution has many advantages. The well-known technology is decentralized and allows users to get the data through different sources. This makes it a lot harder for intelligence agencies to track than a single host site as before.
Clop is one of the most active cybercrime gangs this year. A few weeks ago, together with LockBit, they were found to have caused some 40 percent of all ransomware attacks in June this year. Victims of these types of cyber attacks can differ tremendously, but government entities, healthcare institutes and the banking sector are often targets. Vast amounts of incidental attacks also take place due to the fact that threat actors scan for occurrences of vulnerable software. One prominent victim of the LockBit ransomware was the major Japanese port of Nagoya.