Clop Ransomware Group Claims 43 Victims in Massive 24-Hour Breach Wave

The Clop ransomware group has posted 43 new victims to its dark web leak site within a 24-hour period, targeting organizations across the United States, Canada, United Kingdom, Europe, and New Zealand. The wave of listings includes major brands such as Hilton Hotels and The Weather Company, parent of Weather.com.

High-Profile Targets Lead Victim List

The most prominent names among the claimed breaches include Hilton, the global hospitality giant managing thousands of hotels and resorts worldwide, and The Weather Company, which provides meteorological data and technology services powering Weather.com and numerous weather applications.

Other significant victims include WorkForce Software, a global provider of workforce management and cloud solutions, Brink's New Zealand, the security and logistics company known for cash management and secure transport, and Trust Payments, a UK-based fintech company providing global payment processing solutions.

Legal and Financial Sectors Heavily Targeted

Multiple law firms appear on the list including Kazmi Law, a Canadian firm based in Calgary, LDHR Law and Wren Law Firm in the United States, Toml Lawyers in Canada, and McMath Woods P.A., a US firm specializing in personal injury litigation.

Financial services organizations were also targeted. Korol Financial Group, a Canadian financial planning and advisory firm, and Onyx Equities, a US real estate investment and property management company, both appear among the victims.

Technology and IT Service Providers Compromised

A significant portion of the claimed victims are managed IT service providers and technology companies, representing potential supply chain risk for their downstream clients. These include Technikel Solutions, a Vancouver-based MSP, RTC Computers, 4D IT Solutions, Inspyr Solutions, Integritek, and Aerify.io.

Full List of Claimed Victims

The complete list spans multiple industries and geographies. In hospitality and travel, Clop listed Hilton and Whiski Jack Resorts, a vacation rental company based in Whistler, British Columbia.

Media and entertainment victims include The Weather Company and Vertigo Releasing, a UK-based film distribution company.

Healthcare-adjacent organizations include Genesys Spine, a medical device company focused on spinal systems, and Excelas, a provider of medical coding, auditing, and consulting services.

Construction and architecture firms targeted include Smith Dalia Architects and Montalba Architects in the United States, Brødrene Alseth in Norway, Baqus in the United Kingdom, and ModTech in Canada.

Additional victims include Eastern Platinum Limited, a platinum group metal mining company operating in Canada and South Africa, KCD Worldwide, a leading fashion services and publicity agency, Group AMS, a UK specialist safety and technology business, Clearway Group, a UK security and vacant property management company, Wild Ridge Landscape, Vista Training, Elk Air, WFR Wholesale Fire & Rescue, Centaur Products, Warranty First, ECA USA, IT Robotics, Integroy, Bureaux, and Corpus Christi College in Vancouver.

Clop's Continued Mass Exploitation Campaigns

Clop has established a pattern of mass breach announcements, typically following exploitation of vulnerabilities in widely-deployed enterprise software. The group gained notoriety for exploiting flaws in MOVEit Transfer, GoAnywhere MFT, and Accellion FTA, affecting hundreds of organizations in previous campaigns.

The attack vector for this latest wave has not been confirmed. Organizations listed on ransomware leak sites should treat the claims seriously while conducting independent verification, as threat actors occasionally list victims falsely or include organizations from previous breaches.

None of the named organizations have publicly confirmed breaches at time of publication.