The Cl0p Ransomware Gang's Attack on Crowe

The Cl0p ransomware gang has attacked Crowe. Crowe is a global professional services firm that provides a wide range of consulting, advisory, audit, tax, and technology services to clients across various industries. The firm was founded in 1942 and has since grown into a well-established and respected player in the professional services space. Crowe operates in numerous countries and has a network of member firms that collaborate to offer integrated services to clients worldwide. The firm's services encompass areas such as audit and assurance, advisory, risk consulting, performance improvement, tax planning and compliance, technology consulting, and more.

Cl0p posted Crowe to its data leak site on August 15th but provided no further details. Cl0p is a major Ransomware-as-service (RaaS) platform first observed in 2019. Cl0p is a dangerous ransomware family because it has advanced anti-analysis capabilities and anti-virtual machine analysis to prevent investigations in an emulated environment like those commonly used by security tools. Cl0p is one of just a handful of threat actors that have developed a Linux version. While Linux has a tiny footprint in desktop computing, it runs ~80% of web servers and a substantial portion of embedded devices used in the healthcare field – and this means that Cl0p is likely actively recruiting new talent to help improve their platform and expand the scope of what and whom they can attack.