Skip to content

Fraudsters Impersonate Clop Ransomware to Extort Businesses

Posted by: GuidePoint Security

< 1 min read

March 14, 2025 – Published on Infosecurity Magazine

Fraudsters have been observed impersonating the Clop ransomware gang to extort businesses, researchers have found.

The incident is part of a trend of scammers impersonating high-profile ransomware actors and claiming to have exfiltrated sensitive data in order to extort payments from targets. In the extortion email, the attackers claimed to have exploited a vulnerability in managed file transfer firm Cleo, enabling them to secure unauthorized access to the victim company’s network.

The fake Clop extortion emails are likely to reference media coverage about actual Clop ransomware attacks to try and appear legitimate.

The findings come shortly after GuidePoint Security revealed that fraudsters are sending businesses extortion letters purporting to be from the BianLian ransomware group.

In it, the sender claims to have compromised the recipient’s corporate network and stolen sensitive data, mimicking the threats of a genuine ransomware ransom note.

Read More HERE.

Categories: Incident Response & Threat Intelligence
Tags:GRITransomware

GuidePoint Security

Snail Mail Fail: Fake Ransom Note Campaign Preys on Fear
In early March 2025, GRIT received reports from multiple organizations regarding suspicious physical letters delivered by mail from US addresses […]
View Page

Related Articles

View All

  • GRIT Blog
Snail Mail Fail: Fake Ransom Note Campaign Preys on Fear
Posted by: Grayson North
Published 03/04/25, 11:17am
Read More 5 min read
  • Incident Response & Threat Intelligence
FBI Alert: $250,000 Snail Mail Ransomware Threat To US CEOs Confirmed
Read More < 1 min read
  • Incident Response & Threat Intelligence
GRIT 2025 Ransomware & Cyber Threat Report
Read More < 1 min read