Last week, the Cl0p ransomware group issued an ultimatum to Moveit victims. They threatened to leak their data if they hadn’t received a ransomware payment by the 14th June/today.
Hüseyin Can Yuceel is a security researcher at Picus Security, a company specialising in simulating the attacks of criminal gangs like Cl0p. Here, he discusses how he expects the scenario to play out this week:
The CL0P ransomware group has claimed to have compromised more than 230 companies worldwide and says it will release exfiltrated sensitive data of their victims on their leak site. Since the purpose of threatening to release stolen data is to pressure the victims into paying the demanded ransom, CL0P may not release the data in its entirety this week. However, previous attacks show that they are not bluffing.
Depending on the victims and their willingness to pay the ransom, CL0P may release stolen sensitive data partially over time or in its entirety this week.
There is a growing trend among ransomware groups of double extortion. In the double extortion method, ransomware groups exfiltrate organisations’ sensitive data prior to encryption and give deadlines for payment to pressure victims into paying the ransom. If victims do not pay the demanded ransom, adversaries will release the sensitive data to harm their victims’ reputations.
As for how potential Cl0p victims should respond. Prevention is always the number one priority against ransomware attacks. After ransomware infection, there is not much that can be done. Even if backups are in place, ransomware groups can release their victims’ sensitive data and harm their reputation. Law enforcement agencies advise businesses not to pay ransoms because ransomware groups may not deliver the decryption key after the payment. There are also other risks with ransom payments.
More from Cybersecurity
- How To Keep Your Business Safe From Cyber Attacks
- How to Choose The Right Penetration Testing Tool For Your Tech Stack
- INE Security Partners With Abadnet Institute For Cybersecurity Training Programmes in Saudi Arabia
- Don’t Let The Drop In Rnasomware Fool You, Here’s How Cyber Threats Are Evolving
- INE Security Alert: Top 5 Takeaways From RSAC 2025
- Experts Share: How Should Startups Protect Their Data In 2025?
- Co-op Cyber Attack: What Does It Mean For UK Retailers and Consumers?
- Experts Comment: 23andMe Bankruptcy – How To Protect Your Data
We have observed that organisations known to pay the ransom are much more likely to be targeted by the same or other ransomware groups in the future. Ransomware payments can also perpetuate the ransomware threat and are used to fund other illegal activities.
In the UK, there are also strict financial sanctions against making of ransomware payments to Russian ransomware organisations. The Office of Financial Sanctions Implementation considers ransom payments as a breach of financial sanctions, which is a serious criminal offense and can carry a custodial sentence and the imposition of a monetary penalty.
Ransomware victims in the UK should therefore report the attack to the National Cyber Security Centre and request support for managing the cyber incident if needed.
