Clozdloop Suffers Ransomware Attack by Lockbit2

Company Overview

Clozdloop is a company that helps businesses gain control over their sustainability processes. They make it easy for companies to take back, recover, and reuse their high-value products, preventing them from ending up in landfills or being used in someone else's assembly line. The company is well-positioned within the circular economy and has merged with O F Packaging to form the Close the Loop Group.

Vulnerabilities and Exploits

The Lockbit2 ransomware group exploited a previously unknown SQL injection vulnerability (CVE-2023-34362) in Progress Software's managed file Internet-facing MOVEit Transfer web applications. This vulnerability allowed the attackers to install a web shell named LEMURLOOT, which was then used to steal data from underlying MOVEit Transfer databases.

Impact and Mitigation

The attack by Lockbit2 has resulted in the exfiltration of data from the GoAnywhere MFT platform, impacting approximately 130 victims. To mitigate such attacks, organizations are advised to take an inventory of their assets and data, grant admin privileges and access only when necessary, monitor network ports, protocols, and services, and regularly patch and update software and applications to their latest versions.

Sources

• Close The Loop
• CISA: CL0P Ransomware Gang Exploits CVE-2023-34362 MOVEit Vulnerability
• Lumu.io: Clop Ransomware Blitz: Mitigating This Pervasive Threat
• Karl Palachuk on LinkedIn: How to Escape the Ransomware Attack Loop
• Ransomware Posts - GitHub Pages
• YouTube: Ransomware as a Service Recruiting, Loop DoS Attack, Whit