Clop Ransomware Gang Targets Cleo Users

The Clop ransomware group has threatened 59 organizations, including notable names like Blue Yonder and Hertz, with data exposure after exploiting vulnerabilities in Cleo's file transfer software. The group claims that these intrusions stem from a critical flaw in Cleo's Harmony, VLTransfer, and LexiCom products, which was initially disclosed in an October 2024 security advisory. Despite patches being issued, many organizations remain vulnerable, leading to Clop's assertion that they will publish stolen data on January 18 if ransom demands are not met. Covestro, a German manufacturer, has confirmed unauthorized access to its logistics server following Clop's attacks. The breach highlights a trend where enterprise file transfer applications have become prime targets for ransomware gangs due to their handling of sensitive information. Clop's tactics are reminiscent of previous exploitations involving Progress Software's MOVEit Transfer and Fortra’s GoAnywhere systems.