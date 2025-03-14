Fraudsters have been observed impersonating the Clop ransomware gang to extort businesses, researcher from Barracuda Networks have found.

The incident is part of a trend of scammers impersonating high-profile ransomware actors and claiming to have exfiltrated sensitive data in order to extort payments from targets.

In the extortion email, the attackers claimed to have exploited a vulnerability in managed file transfer firm Cleo, enabling them to secure unauthorized access to the victim company’s network.

They said this allowed them to download and exfiltrate data from the servers.

The threat actors included a link to a media blogpost which reported that Clop had stolen data from 66 Cleo customers using this approach, in order to add authenticity to their claims.

The exploitation of vulnerabilities in managed file transfer software has been a common tactic used by Clop to target victims on mass.

In the fake email, the victim was told that unless they made payment, the stolen information would be published on Clop’s “Blog.”

A series of contact email addresses were provided, with the victims urged to get in touch.