Cl0p attacks Leggett and Platt

Incident Date: August 21, 2023

Overview

Victim: Leggett and Platt

Attacker: Clop

Location: Carthage, USA; Missouri, USA

First Reported: August 21, 2023

The Cl0p Ransomware Gang's Attack on Leggett and Platt

Leggett & Platt is a company that specializes in manufacturing a diverse range of engineered products for various industries, with a particular focus on furniture, bedding, automotive, aerospace, and industrial applications. The company was founded in 1883 by J.P. Leggett and C.B. Platt in Carthage, Missouri, USA. It initially began as a manufacturer of bedsprings, but over the years, it has expanded its product offerings and diversified into numerous other areas.

Cl0p posted Leggett and Platt to its data leak site on August 21st but provided no further details. Cl0p is a RaaS (Ransomware as a Service) platform first observed in 2019. Cl0p has advanced anti-analysis and anti-virtual-machine capabilities that hinder investigation in emulated environments like those commonly used by security tools.

Advanced Tactics and Exploits

Cl0p is increasingly using automation to exploit known vulnerabilities to infiltrate targets, and it has also exploited a SQL injection zero-day vulnerability (CVE-2023-34362) to install a web shell, a rarity among ransomware operators. Attacks by Cl0p surged in Q1 of 2023 as the gang leveraged exploits for patchable vulnerabilities in the GoAnywhere file transfer software to compromise more than 100 victims in a matter of weeks, although it is unknown how well they were able to monetize the attacks.

Cl0p is likely leveraging automation to identify exposed organizations that have not patched known vulnerabilities, which is why we are seeing so many new victims. Ransom demands vary depending on the target and average around $3 million but have been reported to be as high as $20 million. Ransom amounts are likely to continue to grow as Cl0p focuses more on the exfiltration of sensitive data.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous and the most financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.