{
	"id": "36e621b9-4597-40ea-88d4-c5202c9f899e",
	"created_at": "2026-04-06T00:11:09.507058Z",
	"updated_at": "2026-04-10T03:19:57.726268Z",
	"deleted_at": null,
	"sha1_hash": "ccb0e3bcc2c9a75532da3ce4b337e66eb424264e",
	"title": "Ransomware gang urges victims' customers to demand a ransom payment",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 3673850,
	"plain_text": "Ransomware gang urges victims' customers to demand a ransom\r\npayment\r\nBy Lawrence Abrams\r\nPublished: 2021-03-26 · Archived: 2026-04-05 17:58:04 UTC\r\nA ransomware operation known as 'Clop' is applying maximum pressure on victims by emailing their customers and asking\r\nthem to demand a ransom payment to protect their privacy.\r\nA common tactic used by ransomware operations is to steal unencrypted data before encrypting a victim's network. This data\r\nis then used in a double-extortion tactic where they threaten to release the data if a ransom is not paid.\r\nWhen data is published, it can be damaging to the victim and their customers, as the stolen data could contain personal\r\ninformation, credit cards, social security numbers, and even government-issued identification.\r\nhttps://www.bleepingcomputer.com/news/security/ransomware-gang-urges-victims-customers-to-demand-a-ransom-payment/\n\nClop warns customers of impending data leaks\r\nAfter the Clop gang stole data from jet maker Bombardier in an Accellion hack, they leaked a small amount on their\r\nransomware data leak site. 
A week later, the threat actors began emailing journalists to let them know that further data would\r\nbe released.\r\nAs Bombardier had already disclosed the data breach, this tactic did not work as hoped by the threat actors.\r\nHowever, Clop has now taken it a step further and directly emailed victims' customers found in files or database dumps\r\nstolen during the ransomware attack.\r\nThe tactic first started with Flagstar Bank customers and then with people exposed in the University of Colorado's Accellion\r\nhack.\r\nIn an email seen by BleepingComputer, Clop is now using the same tactic on the customers of an online maternity clothing\r\nstore, which we will not be naming.\r\nIn these emails, Clop is sending customers threatening emails with the subject \"Your personal data has been stolen and will\r\nbe published.\"\r\nThese emails say that the recipient is being contacted as they are a customer of the store, and their personal data, including\r\nphone numbers, email addresses, and credit card information, will soon be published if the store does not pay a ransom.\r\n\"Perhaps you bought something there and left your personal data. 
Such as phone, email, address, credit card information and\r\nsocial security number,\" the Clop gang states in the email.\n\nEmail to customers of an online store\r\nClop then tells the customer to \"Call or write to this store and ask to protect your privacy!!!!\"\r\nIn other words, the Clop gang is hoping that if enough customers contact the store about their stolen data, the store will pay\r\nthe ransom to prevent the data from being published.\r\nWhile I do not think this tactic will work, it illustrates the continuing pressure ransomware gangs apply to victims by leaking\r\ntheir data and scaring their customers.\r\nClop is not alone in their attempts to apply maximum pressure on victims to get them to pay ransoms.\r\nEarlier this month, we reported that the REvil ransomware operation was planning on DDoSing victims or making VOIP\r\ncalls to victims' customers to apply further pressure.\r\nSadly, regardless of whether a ransom is paid, consumers whose data has been stolen are still at risk as there is no way of\r\nknowing if ransomware gangs delete the data as they promise.\n\nSource: https://www.bleepingcomputer.com/news/security/ransomware-gang-urges-victims-customers-to-demand-a-ransom-payment/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia",
		"ETDA"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/ransomware-gang-urges-victims-customers-to-demand-a-ransom-payment/"
	],
	"report_names": [
		"ransomware-gang-urges-victims-customers-to-demand-a-ransom-payment"
	],
	"threat_actors": [],
	"ts_created_at": 1775434269,
	"ts_updated_at": 1775791197,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/ccb0e3bcc2c9a75532da3ce4b337e66eb424264e.pdf",
		"text": "https://archive.orkl.eu/ccb0e3bcc2c9a75532da3ce4b337e66eb424264e.txt",
		"img": "https://archive.orkl.eu/ccb0e3bcc2c9a75532da3ce4b337e66eb424264e.jpg"
	}
}