{"id":171089,"date":"2023-06-21T02:00:37","date_gmt":"2023-06-21T09:00:37","guid":{"rendered":"https:\/\/www.mcafee.com\/blogs\/?p=171089"},"modified":"2025-05-28T23:24:52","modified_gmt":"2025-05-29T06:24:52","slug":"clop-ransomware-exploits-moveit-software","status":"publish","type":"post","link":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/clop-ransomware-exploits-moveit-software\/","title":{"rendered":"CLOP Ransomware exploits MOVEit software"},"content":{"rendered":"<p>Authored by: Abhishek Karnik and Oliver Devane<\/p>\n<p><span data-contrast=\"auto\">You may have heard recently in the news that several organizations, including banks, federal agencies, and corporate entities, have suffered data breaches due to a series of ransomware attacks initiated by the Clop hacker group (aka CLOP, CL0p), that leveraged a vulnerability in <a href=\"https:\/\/www.progress.com\/security\/moveit-transfer-and-moveit-cloud-vulnerability\">MOVEit software.<\/a><\/span><\/p>\n<p>Three <em>critical<\/em> vulnerabilities <span data-contrast=\"auto\">(<\/span><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-34362\"><span data-contrast=\"none\">CVE-2023-34362<\/span><\/a><span data-contrast=\"auto\">, <\/span><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-35036\"><span data-contrast=\"none\">CVE-2023-35036<\/span><\/a><span data-contrast=\"auto\"> and <\/span><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-35708\"><span data-contrast=\"none\">CVE-2023-35708<\/span><\/a><span data-contrast=\"auto\">) <span class=\"TextRun SCXW197465697 BCX0\" lang=\"EN-GB\" xml:lang=\"EN-GB\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW197465697 BCX0\">have been<\/span> <span class=\"NormalTextRun SCXW197465697 BCX0\">report<\/span><span class=\"NormalTextRun SCXW197465697 BCX0\">ed<\/span><span class=\"NormalTextRun SCXW197465697 BCX0\"> in <\/span><span class=\"NormalTextRun SCXW197465697 BCX0\">the<\/span> <span class=\"NormalTextRun ContextualSpellingAndGrammarErrorV2Themed SCXW197465697 BCX0\">software.<\/span><span class=\"NormalTextRun SCXW197465697 BCX0\"> However, the group is <\/span><span class=\"NormalTextRun SCXW197465697 BCX0\">only <\/span><span class=\"NormalTextRun SCXW197465697 BCX0\">known to have <\/span><span class=\"NormalTextRun SCXW197465697 BCX0\">leveraged<\/span> <span class=\"NormalTextRun SCXW197465697 BCX0\">one, <\/span><span class=\"NormalTextRun SCXW197465697 BCX0\"><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-34362\">CVE-2023-34362<\/a> to obtain unauthorized access to sensitive data. The vulnerabilities, <\/span><span class=\"NormalTextRun SCXW197465697 BCX0\">if<\/span><span class=\"NormalTextRun SCXW197465697 BCX0\"> exploited, result from a structured query language (SQL) injection attack, that allows attackers access to databases hosted by the <\/span><span class=\"NormalTextRun SpellingErrorV2Themed SCXW197465697 BCX0\">MOVEit<\/span><span class=\"NormalTextRun SCXW197465697 BCX0\"> application.<\/span><\/span><span class=\"EOP SCXW197465697 BCX0\" data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/span><\/p>\n<p><i><span data-contrast=\"auto\">SQL injection<\/span><\/i><span data-contrast=\"auto\"> is a technique by which attackers exploit vulnerabilities that allows the injection of malicious code into an application to view or modify a database (in this case MOVEit)<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<p><i><span data-contrast=\"auto\">Ransomware <\/span><\/i><span data-contrast=\"auto\">is a certain class of malware that tries to extort money as a ransom payment. The typical tactics for such malware are:<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<ol>\n<li><span data-contrast=\"auto\">Encrypt files on a machine and demand payment for file decryption<\/span><span data-contrast=\"auto\">.<\/span><\/li>\n<li><span data-contrast=\"auto\">Siphon important business, confidential or sensitive data, and then demand a payment to prevent public disclosure of such data<\/span><span data-contrast=\"auto\">.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/li>\n<\/ol>\n<p><span data-contrast=\"auto\">While there were no reports of file encryption in this wave, the malicious actors stole files from the impacted companies and are now extorting them by demanding payment to prevent the hackers from releasing the files to the public. It should be noted that this is not the first time Clop has used <\/span><a href=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/clop-ransomware\/\"><span data-contrast=\"none\">these tactics<\/span><\/a><span data-contrast=\"auto\">.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<h2 aria-level=\"2\"><span data-contrast=\"none\">How did this attack occur and how does this impact you?<\/span><span data-ccp-props=\"{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;201341983&quot;:0,&quot;335559738&quot;:40,&quot;335559739&quot;:0,&quot;335559740&quot;:259}\">\u00a0<\/span><\/h2>\n<p><span data-contrast=\"auto\">The U.S. Department of Homeland Security\u2019s <\/span><span data-contrast=\"auto\">Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) <\/span><a href=\"https:\/\/www.cisa.gov\/news-events\/news\/cisa-and-fbi-release-advisory-cl0p-ransomware-gang-exploiting-moveit-vulnerability\"><span data-contrast=\"auto\">first warned<\/span><\/a><span data-contrast=\"auto\">\u202fof this attack via a <\/span><a href=\"https:\/\/www.cisa.gov\/news-events\/alerts\/2023\/06\/07\/cisa-and-fbi-release-stopransomware-cl0p-ransomware-gang-exploits-moveit-vulnerability\"><span data-contrast=\"none\">press release<\/span><\/a><span data-contrast=\"auto\"> on June 7, 2023. The attackers exploited a <\/span><a href=\"https:\/\/www.mcafee.com\/learn\/what-is-a-zero-day-threat\/\"><span data-contrast=\"none\">zero-day <\/span><\/a><span data-contrast=\"none\">threat<\/span><span data-contrast=\"auto\"> in MOVEIt software.\u00a0 Internet-facing MOVEit transfer web applications were compromised through the vulnerabilities listed above and infected with malware that then subsequently stole data from underlying MOVEit databases. The result was that any file that was transferred using MOVEit could also have been stolen by malicious actors. Once the data was siphoned, the attackers contacted the organizations to inform them that they were victims of an attack and that the files would be published publicly if a ransom wasn\u2019t paid on time. <\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559731&quot;:720,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">The impact of this is that potentially sensitive files that may have contained intellectual property or personally identifiable customer data could be made available on the Internet. This<\/span><span data-contrast=\"auto\">,<\/span><span data-contrast=\"auto\"> of course, would have severe ramifications for not only the impacted organizations, but also for customers or users who had provided information to them<\/span><span data-contrast=\"auto\">.<\/span><span data-contrast=\"auto\">\u00a0<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559731&quot;:720,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<p aria-level=\"2\"><span data-contrast=\"none\">What can you do?<\/span><span data-ccp-props=\"{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;201341983&quot;:0,&quot;335559738&quot;:40,&quot;335559739&quot;:0,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">If you operate a business that utilizes the MOVEit software, it is imperative that you follow guidance provided by <\/span><a href=\"https:\/\/www.progress.com\/security\/moveit-transfer-and-moveit-cloud-vulnerability\"><span data-contrast=\"none\">Progress Software<\/span><\/a><span data-contrast=\"auto\"> and <\/span><a href=\"https:\/\/www.cisa.gov\/news-events\/news\/cisa-and-fbi-release-advisory-cl0p-ransomware-gang-exploiting-moveit-vulnerability\"><span data-contrast=\"none\">CISA<\/span><\/a><span data-contrast=\"auto\">.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559731&quot;:720,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">It\u2019s unlikely that individual consumers will be directly impacted by the CLOP\u00a0<\/span><span data-contrast=\"auto\">malware. However<\/span><span data-contrast=\"auto\">,<\/span><span data-contrast=\"auto\"> there is a possibility that you may have been indirectly impacted if an organization you have previously subscribed to or provided information to is a victim. This <\/span><a href=\"https:\/\/www.mcafee.com\/support\/?articleId=TS103128&amp;page=shell&amp;shell=article-view\"><span data-contrast=\"none\">FAQ<\/span><\/a><span data-contrast=\"auto\"> and <\/span><a href=\"https:\/\/www.mcafee.com\/blogs\/privacy-identity-protection\/how-to-protect-yourself-from-identity-theft-after-a-data-breach\"><span data-contrast=\"none\">blog by McAfee<\/span><\/a><span data-contrast=\"auto\"> contains great details on what steps you should follow if your data is part of a data breach. <\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559731&quot;:720,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">Such breaches can also have a ripple effect where malicious actors who weren&#8217;t directly involved with the ransomware attack may take advantage of the event<\/span><span data-contrast=\"auto\">,<\/span><span data-contrast=\"auto\"> to target potential victims with scams. Be cautious of emails or other correspondence claiming to be from a company that has been impacted by this Ransomware attack. Double-check the email address and<\/span><span data-contrast=\"auto\"> verify<\/span><span data-contrast=\"auto\"> any links that are present in the emails. Read more about <\/span><a href=\"https:\/\/www.mcafee.com\/support\/?locale=en-US&amp;articleId=TS101810&amp;page=shell&amp;shell=article-view\"><span data-contrast=\"none\">how to recognize and protect yourself from phishing<\/span><\/a><span data-contrast=\"auto\">.\u00a0<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Authored by: Abhishek Karnik and Oliver Devane You may have heard recently in the news that several organizations, including banks,&#8230;<\/p>\n","protected":false},"author":695,"featured_media":171097,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[442],"tags":[4549],"coauthors":[4136],"class_list":["post-171089","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-mcafee-labs","tag-ransomware"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>CLOP Ransomware exploits MOVEit software | McAfee Blog<\/title>\n<meta name=\"description\" content=\"Authored by: Abhishek Karnik and Oliver Devane You may have heard recently in the news that several organizations, including banks, federal agencies, and\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"CLOP Ransomware exploits MOVEit software | McAfee Blog\" \/>\n<meta property=\"og:description\" content=\"Authored by: Abhishek Karnik and Oliver Devane You may have heard recently in the news that several organizations, including banks, federal agencies, and\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/clop-ransomware-exploits-moveit-software\/\" \/>\n<meta property=\"og:site_name\" content=\"McAfee Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/McAfee\/\" \/>\n<meta property=\"article:author\" content=\"https:\/\/www.facebook.com\/McAfee\/\" \/>\n<meta property=\"article:published_time\" content=\"2023-06-21T09:00:37+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-05-29T06:24:52+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/06\/300x200_Blog_CLOP-2.png\" \/>\n\t<meta property=\"og:image:width\" content=\"300\" \/>\n\t<meta property=\"og:image:height\" content=\"200\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"McAfee Labs\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@McAfee_Labs\" \/>\n<meta name=\"twitter:site\" content=\"@McAfee\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"McAfee Labs\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/clop-ransomware-exploits-moveit-software\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/clop-ransomware-exploits-moveit-software\/\"},\"author\":{\"name\":\"McAfee Labs\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/86f325fa6532a017d06d6b49a2f3b1ad\"},\"headline\":\"CLOP Ransomware exploits MOVEit software\",\"datePublished\":\"2023-06-21T09:00:37+00:00\",\"dateModified\":\"2025-05-29T06:24:52+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/clop-ransomware-exploits-moveit-software\/\"},\"wordCount\":610,\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/clop-ransomware-exploits-moveit-software\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/06\/300x200_Blog_CLOP-2.png\",\"keywords\":[\"ransomware\"],\"articleSection\":[\"McAfee Labs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/clop-ransomware-exploits-moveit-software\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/clop-ransomware-exploits-moveit-software\/\",\"name\":\"CLOP Ransomware exploits MOVEit software | McAfee Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/clop-ransomware-exploits-moveit-software\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/clop-ransomware-exploits-moveit-software\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/06\/300x200_Blog_CLOP-2.png\",\"datePublished\":\"2023-06-21T09:00:37+00:00\",\"dateModified\":\"2025-05-29T06:24:52+00:00\",\"description\":\"Authored by: Abhishek Karnik and Oliver Devane You may have heard recently in the news that several organizations, including banks, federal agencies, and\",\"breadcrumb\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/clop-ransomware-exploits-moveit-software\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/clop-ransomware-exploits-moveit-software\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/clop-ransomware-exploits-moveit-software\/#primaryimage\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/06\/300x200_Blog_CLOP-2.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/06\/300x200_Blog_CLOP-2.png\",\"width\":300,\"height\":200},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/clop-ransomware-exploits-moveit-software\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Blog\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Other Blogs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"McAfee Labs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"CLOP Ransomware exploits MOVEit software\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"name\":\"McAfee Blog\",\"description\":\"Internet Security News\",\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\",\"name\":\"McAfee\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"width\":1286,\"height\":336,\"caption\":\"McAfee\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/McAfee\/\",\"https:\/\/x.com\/McAfee\",\"https:\/\/www.linkedin.com\/company\/mcafee\/\",\"https:\/\/www.youtube.com\/McAfee\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/86f325fa6532a017d06d6b49a2f3b1ad\",\"name\":\"McAfee Labs\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/af947d76ffbef8521094b476cf8050c3\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/07\/Social-Media-PF-Logo-Pic-300x300-2-96x96.jpg\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/07\/Social-Media-PF-Logo-Pic-300x300-2-96x96.jpg\",\"caption\":\"McAfee Labs\"},\"description\":\"McAfee Labs is one of the leading sources for threat research, threat intelligence, and cybersecurity thought leadership. See our blog posts below for more information.\",\"sameAs\":[\"https:\/\/www.linkedin.com\/company\/mcafee\/\",\"https:\/\/www.facebook.com\/McAfee\/\",\"https:\/\/x.com\/McAfee_Labs\"],\"url\":\"https:\/\/www.mcafee.com\/blogs\/author\/mcafee-labs\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"CLOP Ransomware exploits MOVEit software | McAfee Blog","description":"Authored by: Abhishek Karnik and Oliver Devane You may have heard recently in the news that several organizations, including banks, federal agencies, and","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_US","og_type":"article","og_title":"CLOP Ransomware exploits MOVEit software | McAfee Blog","og_description":"Authored by: Abhishek Karnik and Oliver Devane You may have heard recently in the news that several organizations, including banks, federal agencies, and","og_url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/clop-ransomware-exploits-moveit-software\/","og_site_name":"McAfee Blog","article_publisher":"https:\/\/www.facebook.com\/McAfee\/","article_author":"https:\/\/www.facebook.com\/McAfee\/","article_published_time":"2023-06-21T09:00:37+00:00","article_modified_time":"2025-05-29T06:24:52+00:00","og_image":[{"width":300,"height":200,"url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/06\/300x200_Blog_CLOP-2.png","type":"image\/png"}],"author":"McAfee Labs","twitter_card":"summary_large_image","twitter_creator":"@McAfee_Labs","twitter_site":"@McAfee","twitter_misc":{"Written by":"McAfee Labs","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/clop-ransomware-exploits-moveit-software\/#article","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/clop-ransomware-exploits-moveit-software\/"},"author":{"name":"McAfee Labs","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/86f325fa6532a017d06d6b49a2f3b1ad"},"headline":"CLOP Ransomware exploits MOVEit software","datePublished":"2023-06-21T09:00:37+00:00","dateModified":"2025-05-29T06:24:52+00:00","mainEntityOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/clop-ransomware-exploits-moveit-software\/"},"wordCount":610,"publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/clop-ransomware-exploits-moveit-software\/#primaryimage"},"thumbnailUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/06\/300x200_Blog_CLOP-2.png","keywords":["ransomware"],"articleSection":["McAfee Labs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/clop-ransomware-exploits-moveit-software\/","url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/clop-ransomware-exploits-moveit-software\/","name":"CLOP Ransomware exploits MOVEit software | McAfee Blog","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/clop-ransomware-exploits-moveit-software\/#primaryimage"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/clop-ransomware-exploits-moveit-software\/#primaryimage"},"thumbnailUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/06\/300x200_Blog_CLOP-2.png","datePublished":"2023-06-21T09:00:37+00:00","dateModified":"2025-05-29T06:24:52+00:00","description":"Authored by: Abhishek Karnik and Oliver Devane You may have heard recently in the news that several organizations, including banks, federal agencies, and","breadcrumb":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/clop-ransomware-exploits-moveit-software\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/clop-ransomware-exploits-moveit-software\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/clop-ransomware-exploits-moveit-software\/#primaryimage","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/06\/300x200_Blog_CLOP-2.png","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/06\/300x200_Blog_CLOP-2.png","width":300,"height":200},{"@type":"BreadcrumbList","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/clop-ransomware-exploits-moveit-software\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https:\/\/www.mcafee.com\/blogs\/"},{"@type":"ListItem","position":2,"name":"Other Blogs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/"},{"@type":"ListItem","position":3,"name":"McAfee Labs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/"},{"@type":"ListItem","position":4,"name":"CLOP Ransomware exploits MOVEit software"}]},{"@type":"WebSite","@id":"https:\/\/www.mcafee.com\/blogs\/#website","url":"https:\/\/www.mcafee.com\/blogs\/","name":"McAfee Blog","description":"Internet Security News","publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.mcafee.com\/blogs\/#organization","name":"McAfee","url":"https:\/\/www.mcafee.com\/blogs\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","width":1286,"height":336,"caption":"McAfee"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/McAfee\/","https:\/\/x.com\/McAfee","https:\/\/www.linkedin.com\/company\/mcafee\/","https:\/\/www.youtube.com\/McAfee"]},{"@type":"Person","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/86f325fa6532a017d06d6b49a2f3b1ad","name":"McAfee Labs","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/af947d76ffbef8521094b476cf8050c3","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/07\/Social-Media-PF-Logo-Pic-300x300-2-96x96.jpg","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/07\/Social-Media-PF-Logo-Pic-300x300-2-96x96.jpg","caption":"McAfee Labs"},"description":"McAfee Labs is one of the leading sources for threat research, threat intelligence, and cybersecurity thought leadership. See our blog posts below for more information.","sameAs":["https:\/\/www.linkedin.com\/company\/mcafee\/","https:\/\/www.facebook.com\/McAfee\/","https:\/\/x.com\/McAfee_Labs"],"url":"https:\/\/www.mcafee.com\/blogs\/author\/mcafee-labs\/"}]}},"_links":{"self":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/171089","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/users\/695"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/comments?post=171089"}],"version-history":[{"count":16,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/171089\/revisions"}],"predecessor-version":[{"id":214676,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/171089\/revisions\/214676"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/media\/171097"}],"wp:attachment":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/media?parent=171089"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/categories?post=171089"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/tags?post=171089"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/coauthors?post=171089"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}