Clop Ransomware Gang Clips Sensitive Information from The7Star, Publishes It Online

Enterprise Security Magazine | Tuesday, March 09, 2021

The ad agency, which has clients such as Atlantic Records, Suzuki, and Penguin Random House, had its files published online by a ransomware gang.

Fremont, CA: The attack took place after 15th December, when The7Star's annual return was prepared for filing. Though the documents describe a healthy financial performance, they make no mention of threats from cyber criminals. The London-based ad agency reported revenue of £379.36m for the year ended 31st March 2020. In the same accounts, filed with the UK company register Companies House, the agency boasted about its position as the largest independently owned media agency in the UK. This grabbed the attention of the Clop ransomware extortionists.

Screenshots published on the Clop gang's website showed sensitive data such as scans of passports, invoices, photographs of staff at a party, and a copy of a data protection agreement.

The publication of sensitive information on the web indicates that the ransom demand was rebuffed. The agency has high-profile clients such as Great Western Railways, Atlantic Records, and Japanese motorbike maker Suzuki. It is highly unlikely that these companies will be directly affected, though it appears that the Clop gang wants to declare that it has stolen data relating to the ad agency's clients.

An ICO representative stated that the office has received a report from the ad agency about the ransomware attack and is currently making inquiries to assess the situation. The same extortionist gang targeted Germany's Software AG last year.

Clop is a variant of CryptoMix and may be used by the group behind the Dridex banking Trojan. It is primarily used to target enterprise networks, after which the cyber criminals demand ransoms that can run into millions. The fight against ransomware, which is affecting business models, continues.

The ad agency was able to restore its systems and networks from backups and is continuing to investigate the case.