clop attacks Saks Fifth Avenue

Date:

March 21, 2023

World map

Overview

Title

clop attacks Saks Fifth Avenue

Victim

Saks Fifth Avenue

Attacker

Cl0p

Location

New York, USA

New York, New York

Size of Attack

Unknown/TBD

First Reported

March 21, 2023

Last Updated

October 31, 2022

The Cl0p ransomware gang listed "Saks Fifth Avenue" on its dark web data leaks website and claims to have exfiltrated data, which Saks claims was merely “mock customer data does not include real customer or payment card information and is solely used to simulate customer orders for testing purposes.”

“The cyber security incident is among Clop's ongoing attacks against vulnerable GoAnywhere MFT servers belonging to established enterprises. Although the company states no real customer data is impacted, it did not address if corporate or employee data was stolen,” Bleeping Computer reported.

“The threat actor has not yet disclosed any additional information, such as what all data it stole from the luxury brand retailer's systems, or details about any ongoing ransom negotiations... BleepingComputer reached out to Saks to better understand the scope of this incident. A spokesperson confirmed the incident was linked to Fortra.”

Takeaway: While there are few details available about the data breach aspect of the Saks attack, the notion that Cl0p may have only exfiltrated "fake data" stood out as a potential case where deception techniques proved masterful in undermining the attack. Instead, Saks indicated it was "mock data" used to "simulate customer orders for testing" that was stolen.  

Nevertheless, if these details are accurate, it does suggest that data deception techniques can be really valuable in the case where operators like Cl0p are looking to first exfiltrate sensitive data before deploying the ransomware payload and then using the threat of exposing that stolen data to compel the victim to pay a hefty ransom demand.  

While EPP/NGAV/EDR/XDR endpoint tools don't typically offer deception as a feature, organizations can opt to run endpoint solutions alongside those tools that are designed specifically to defeat ransomware that includes deception techniques to fool the attackers into exfiltrating mock data instead of the real thing. Were this the case with the Cl0p attack on Saks, it's readily apparent that the strategy would have put the company in a much better position to forego payment of the ransom and instead work to mitigate the attack by restoring infected systems from backups.  

Better yet, if the anti-ransomware solution also captured the attacker's encryption keys, most if not all of the impacted systems could be easily restored through automated means, keeping operations running and saving the victim company a lot of trouble and lost revenue. Ransomware attacks can be defeated, but it requires a slightly different approach than has been traditionally offered by endpoint protection tools designed to combat attacks leveraging other forms of malware.

Organizations require a robust prevention and resilience strategy to defend against ransomware attacks, including endpoint protection solutions, patch management, data backups, access controls, employee awareness training, and organizational procedure and resilience testing into all ransomware readiness plans.

Halcyon.ai is the industry’s first dedicated, adaptive security platform that combines multiple advanced proprietary prevention engines along with AI models focused specifically on stopping ransomware – talk to a Halcyon expert today to find out more.

The Cl0p ransomware gang listed "Saks Fifth Avenue" on its dark web data leaks website and claims to have exfiltrated data...

Oh no!

This attack's description was not found, while we work on the detailed account of this attack we invite you to browse through other recent Rasomware Attacks in the table below.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.

LockBit attacks Leos Jeans
Date
November 15, 2023
Ransomware group
LockBit
Location

Butzbach, Germany

Butzbach, Germany

Industry
Retail Trade
Victim
Leos Jeans
LockBit attacks Leos Jeans
Date
November 15, 2023
Ransomware group
LockBit
Location

Butzbach, Germany

Butzbach, Germany

Industry
Retail Trade
Victim
Leos Jeans
BlackCat/ALPHV attacks 4set
Date
November 14, 2023
Ransomware group
ALPHV
Location

Bizkaia, Spain

Basco, Spain

Industry
Professional, Scientific & Technical Services
Victim
4set
BlackCat/ALPHV attacks 4set
Date
November 14, 2023
Ransomware group
ALPHV
Location

Bizkaia, Spain

Basco, Spain

Industry
Professional, Scientific & Technical Services
Victim
4set
Cuba attacks DiagnosTechs
Date
November 14, 2023
Ransomware group
Cuba
Location

Federal Way, USA

Washington, USA

Industry
Professional, Scientific & Technical Services
Victim
DiagnosTechs
Cuba attacks DiagnosTechs
Date
November 14, 2023
Ransomware group
Cuba
Location

Federal Way, USA

Washington, USA

Industry
Professional, Scientific & Technical Services
Victim
DiagnosTechs
NoEscape attacks Carespring Health Care Management
Date
November 14, 2023
Ransomware group
NoEscape
Location

Cincinnati, USA

Ohio, USA

Industry
Healthcare
Victim
Carespring Health Care Management
NoEscape attacks Carespring Health Care Management
Date
November 14, 2023
Ransomware group
NoEscape
Location

Cincinnati, USA

Ohio, USA

Industry
Healthcare
Victim
Carespring Health Care Management
BlackCat/ALPHV attacks Execuzen
Date
November 14, 2023
Ransomware group
ALPHV
Location

London, United Kingdom

London, United Kingdom

Industry
Professional, Scientific & Technical Services
Victim
Execuzen
BlackCat/ALPHV attacks Execuzen
Date
November 14, 2023
Ransomware group
ALPHV
Location

London, United Kingdom

London, United Kingdom

Industry
Professional, Scientific & Technical Services
Victim
Execuzen
LockBit attacks University of the Aegean
Date
November 13, 2023
Ransomware group
LockBit
Location

Mytilene, Greece

Mytilene, Greece

Industry
Education
Victim
University of the Aegean
LockBit attacks University of the Aegean
Date
November 13, 2023
Ransomware group
LockBit
Location

Mytilene, Greece

Mytilene, Greece

Industry
Education
Victim
University of the Aegean
LockBit attacks Hotel Ampere Paris
Date
November 12, 2023
Ransomware group
LockBit
Location

Paris, France

Paris, France

Industry
Accommodations & Food Services
Victim
Hotel Ampere Paris
LockBit attacks Hotel Ampere Paris
Date
November 12, 2023
Ransomware group
LockBit
Location

Paris, France

Paris, France

Industry
Accommodations & Food Services
Victim
Hotel Ampere Paris
LockBit attacks Carson Team
Date
November 12, 2023
Ransomware group
LockBit
Location

Portland, USA

Oregon, USA

Industry
Other
Victim
Carson Team
LockBit attacks Carson Team
Date
November 12, 2023
Ransomware group
LockBit
Location

Portland, USA

Oregon, USA

Industry
Other
Victim
Carson Team
Cuba attacks Port Adelaide FC
Date
November 12, 2023
Ransomware group
Cuba
Location

Alberton, Australia

South Australia, Australia

Industry
Arts, Entertainment & Recreation
Victim
Port Adelaide FC
Cuba attacks Port Adelaide FC
Date
November 12, 2023
Ransomware group
Cuba
Location

Alberton, Australia

South Australia, Australia

Industry
Arts, Entertainment & Recreation
Victim
Port Adelaide FC
LockBit attacks Floortex
Date
November 11, 2023
Ransomware group
LockBit
Location

Tewkesbury, United Kingdom

Gloucestershire, United Kingdom

Industry
Manufacturing
Victim
FloorTex
LockBit attacks Floortex
Date
November 11, 2023
Ransomware group
LockBit
Location

Tewkesbury, United Kingdom

Gloucestershire, United Kingdom

Industry
Manufacturing
Victim
FloorTex