News broke earlier today that six members of the Clop (Cl0p) ransomware gang were arrested in Kiev, Ukraine and in surrounding towns by the Cyber Police Department of the National Police of Ukraine, working in cooperation with law enforcement officials from South Korea (the Republic of Korea) and the United States. eSentire’s security research team, the Threat Response Unit (TRU), confirmed the arrests from a report on the official website of the Ukrainian police. According to the police report, along with arresting the six members, the police seized a Tesla, a Mercedes, the equivalent of $185,000 USD in cash, as well as computer equipment. The report also states that the authorities were able to shut down the IT infrastructure (servers) used by the Clop group. The police report went on to state that the six persons arrested could face up to eight years in prison for their part in the ransomware schemes, which are estimated to have caused $500 million in total damages.
As of 1 pm EST, June 16, 2021, Clop’s leak/blog site is still up and running on the underground. On the site, they claim to have compromised 57 companies in total and 39 since January 1, 2021. Recent victims they claim to have compromised include a $3.3 billion pharmaceutical company out of India. This would not be off target for Clop, since they hit ExecuPharm, a Pennsylvania-based subsidiary of the U.S. biopharmaceutical giant Parexel, in 2020. ExecuPharm provides clinical trial management tools for biopharmaceutical companies.
Clop also compromised the multimillion-dollar California company Utility Trailer Manufacturing, one of the largest U.S. producers of trailers for the trucking industry. When listing Utility Trailer Manufacturing on their leak site in April, they offered as proof of the breach a variety of employee files containing sensitive data. Utility Trailer confirmed the breach. Clop also lists on their leak site the supermarket chain Foodland. According to one news outlet, an email was sent to Foodland customers stating: “buyers, partners, employees and owners of Foodland that confidential information such as names, addresses, social security numbers, phone numbers and email was stolen.” Lawyers for Foodland Supermarkets Ltd. issued an April 23, 2021, notification of a data breach due to a ransomware attack, which was said to have occurred on April 3, 2021. Foodland is Hawaii’s largest locally owned and operated grocery retailer. The chain has 33 stores and more than 2,600 employees. Interestingly, Clop claimed on their blog/leak site that Foodland was one of their victims prior to Foodland going public with the news on April 23. The Clop gang also claims to have recently hit a regional law firm out of Maryland.
The Clop attacks began in February 2019 and rose to prominence in October 2020, when the Clop operators became the first group to demand a ransom of more than $20 million. The victim, the German tech firm Software AG, refused to pay.
Several of Clop’s 2021 victims are reported to be the result of the supply chain attack against Accellion, a company that provides a file transfer application to companies around the world. It is not known whether the Clop gang was behind the cyberattack against Accellion or whether the Clop operators were given access to the data by the Accellion hackers. However, it is very interesting how this particular ransomware gang got access to the data of so many Accellion customers. Clop claims to have gotten their hands on data from Dutch oil giant Royal Shell, security company Qualys, U.S. bank Flagstar, global law firm Jones Day, the University of Colorado, the University of Miami, Canadian jet manufacturer Bombardier, Stanford University, and the University of California, among others.
In early April 2021, Clop threat actors tried to extort RaceTrac Petroleum, another Accellion victim. RaceTrac is an Atlanta-based company that operates more than 650 retail gasoline convenience stores in 12 southeastern states. According to a statement made on RaceTrac’s website, the Clop threat actors gained access to some of the company’s Rewards Loyalty users’ data: “By exploiting a previously undetected software vulnerability, unauthorized parties were able to access a subset of RaceTrac data stored in the Accellion File Transfer Service, including email addresses and first names of some of the company’s RaceTrac Rewards Loyalty users.”
“We feel that the Clop ransomware gang is particularly lethal because not only do they encrypt companies’ and organizations’ critical data, causing many to temporarily shut down their operations, but they go to great lengths to extort ransom payments from their victims by notifying the victim company’s customers, partners and employees of the breach and by publishing sensitive data of the victim company’s employees, such as driver’s licenses, passports, correspondence containing mailing addresses, annual salaries, etc.,” said Rob McLeod, Sr. Director of the TRU team. “Any threat actor can go down to the underground and view these documents on the Clop website, and potentially use this sensitive data for their own cyber scams.”
Clop made headlines in 2021 for their tactic of combing through victims’ stolen data and retrieving contact information for the company’s customers and partners, then emailing them and urging them to make the victim company pay the ransom. Clop operators’ emails typically say that the recipient is being contacted because they are a customer of the victim organization, and that their personal data, including phone numbers, email addresses, and financial information, will soon be leaked on a Dark Web site if the company does not pay the ransom. The note below was published by security reporter Brian Krebs and is said to be a message sent to a RaceTrac rewards member. (See image 1.)
Image 1: Note from the Clop ransomware gang to a member of the RaceTrac rewards club.
For more information about this threat and how to protect against it, go to https://www.esentire.com/get-started