A week after Ukrainian police arrested criminals affiliated with the notorious Cl0p ransomware gang, Cl0p has published a fresh batch of what’s purported to be confidential data stolen in a hack of a previously unknown victim. Ars won’t be identifying the possibly victimized company until there is confirmation that the data and the hack are genuine.
If genuine, the dump shows that Cl0p remains intact and able to carry out its nefarious actions despite the arrests. That suggests that the suspects don’t include the core leaders but rather affiliates or others who play a lesser role in the operations.
The data purports to be employee records, including verification of employment for loan applications and documents pertaining to workers whose wages have been garnished. I was unable to confirm that the information is genuine and that it was, in fact, taken during a hack on the company, although web searches showed that names listed in the documents matched names of people who work for the company.