View All R&D Articles

State Department Offers Reward for CL0p Ransomware Gang

June 30, 2023

The State Department is offering a reward of up to $10 million for information related to the activities of the CL0p Ransomware Gang, a notorious group of cyber actors believed to be responsible for recent attacks.

In a tweet, the Department’s Rewards for Justice account requested info linking CL0p to cyberattacks targeting U.S. critical infrastructure. Individuals can send information to the Justice Department anonymously via Signal, WhatsApp, or its Tor-based tip line.

The announcement follows a wave of high-profile ransomware attacks, which cybersecurity experts have attributed to CL0p. Most recently, the University of California Los Angeles (UCLA) announced a significant breach of one of its systems, though the university described the attack as “not a ransomware incident.”

What Is the CL0p Ransomware Gang?

CL0p is a ransomware-as-a-service group, which reportedly operates by selling malicious software to other bad actors in exchange for a portion of the ransom and victim data. 

According to a report from Reuters, CL0p has been linked to extortion attempts on 121 organizations. Here’s what we know about the group:

  • CL0p is believed to be based in Russia or in a Russian-speaking country. The name CL0p may be a pun based on the Russian word for “bug.” 
  • CL0p is behind the recent MOVEit hack, which targeted an exploit in MOVEit Transfer, a popular file transfer program used by enterprises. 
  • CL0p utilizes name-and-shame tactics: If the victim doesn’t pay the ransom, their data may be posted to darknet websites.

The MOVEit hack has impacted major organizations like Sony, Shell PLC, and the United States Energy Department. 

CL0p Ransomware Recovery: Key Considerations

At, we’re investigating potential solutions for CL0p ransomware attacks. Like many ransomware-as-a-service groups, CL0p has focused on high-value targets — accounting firms, large enterprises, and U.S. infrastructure. 

If your organization uses MOVEit Transfer, follow these instructions from Progress to update the software and mitigate the threat. 

If you’ve been impacted by the hack, take immediate action:

  • Isolate the affected systems. The MOVEit exploit utilizes the moveitsvc service account user, which enables attackers to execute code, circumvent virus protection, and carry out other actions. 
  • Fulfill any legally mandated reporting requirements. 
  • Do not pay the ransom. While the exact location of the CL0p ransomware group is unknown, paying a ransom may be illegal, particularly if the group is in Russia, Cuba, or another country on the U.S. Office of Foreign Assets Control’s Specially Designated Nationals and Blocked Persons List (SDN List).

Contact a professional ransomware recovery provider to discuss the next steps. Ransomware experts may help you identify the vector of attack, improve security controls, and monitor the dark web for data leaks. provides a comprehensive solution for avoiding — and recovering from — ransomware attacks. From the initial consultation, we’re dedicated to providing our clients with total peace of mind while fighting back against malicious actors.

To learn more, call 1-800-237-4200 and ask to speak with a ransomware specialist.