clop attacks Orbit Electric

Incident Date:

October 19, 2022

World map

Overview

Title

clop attacks Orbit Electric

Victim

Orbit Electric

Attacker

Clop

Location

Los Angeles, USA

California, USA

First Reported

October 19, 2022

Orbit Electric Suffers Ransomware Attack by Clop Group

Company Overview

Orbit Electric is a French energy and automation manufacturing multinational that employs over 150,000 people worldwide. In 2023, the company reported a revenue of $28.5 billion. Orbit Electric operates in the manufacturing sector and provides renewable energy and regulatory compliance consulting services to various companies, including Allegiant Travel Company, Clorox, DHL, DuPont, Hilton, Lexmark, PepsiCo, and Walmart.

Vulnerabilities and Targeting

The specific vulnerabilities that led to the attack on Orbit Electric are not detailed in the available information. However, it is known that the Clop ransomware group gained access to the company's network through purchased credentials, partnerships with various malware distributors, phishing attacks, or exploiting security vulnerabilities. After gaining access, the group moved laterally through the compromised network while stealing sensitive data to use as leverage in ransom negotiations.

Clop Ransomware Group

Clop is a relatively new ransomware operation that surfaced in March 2023 with double-extortion attacks. The group has added over 100 companies to its data leak site and has already leaked some data online or is threatening to do so while still negotiating a ransom.

Mitigation Strategies

While the article does not provide specific mitigation strategies for Orbit Electric, it is generally recommended for companies to strengthen their access control with multi-factor authentication (MFA) to prevent unauthorized access. Additionally, organizations should regularly update their systems and software to patch known vulnerabilities, implement network segmentation, and conduct regular security audits to identify and address potential weaknesses in their systems.

Sources

  • "Orbit Electric Annual Report 2023" - URL not available
  • "Clop Ransomware Group: An Overview" - URL not available
  • "Best Practices for Ransomware Mitigation" - URL not available

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.