Shouldn’t that be illegal?
As news emerged this week of the UK looking to ban government entities from making ransom payments, we were also left questioning the legal implications (or lack thereof) of delayed data breach reporting.
NY legal firm, Wolf Haldenstein Adler Freeman & Herz LLP, had previously issued data breach notifications in May 2024 following a cyber attack (claimed by Black Basta) in December 2023. 211 people in total were said to have been affected.
Not so bad, right?
Wrong!
This week (13 months after the attack), Wolf Haldenstein updated its breach notifications and its victim count rose to a staggering 3,445,537.
Congratulations, Wolf Haldenstein, this has become the biggest data breach (via ransomware) on a US law firm since our reporting began (2018). AND, the ninth-largest breach on any US organization in 2023...even though we only learned about it in 2025.
A new “high”
Talking of records:
This week also saw 2024’s biggest data breach (via ransomware) in the US retail sector. Cannabis retailer STIIIZY notified 380,000 customers of a data breach following an attack in October 2024, which was claimed by Everest.
Talk about losing your buzz.
Clop if you can hear the sound of squirming IT managers
After numerous threats, Clop finally released its list of victims that were exploited through the Cleo vulnerability.
Among them were:
🇺🇸 - 43 US organizations
🇨🇦 - 7 Canadian organizations
🚒 - 14 transport companies
💻 - 12 technology companies
🧰 - 11 manufacturing companies
What records did this break?
Well, since all of these victims were attacked in December 2024, they pushed the total number of attacks claimed by hackers that month to over 580, the highest of any month in 2024.
Clop doesn’t seem to have finished, either. After this week’s release it said: “Dear companies, a new part of the companies list will be partially opened and presented on 21.01. Hurry up to contact us so that your name is not on this list!”
The Security Risk You're Overlooking? Service Accounts
Service accounts are often set up once during application installation or system configuration and then left unmanaged. Many IT professionals assume these accounts are inherently secure because they're used by applications rather than humans.
True, but they're still a security risk, and possibly a greater one than human user accounts if their management is not automated.
Hot tips:
- Configure service accounts with only the permissions they need to perform their functions
- Assign unique, strong passwords to all service accounts
- Use IP or hostname restrictions to limit where the service account can log in from
- Periodically review service account usage, privileges, and activity logs
- Implement automated password rotation policies for service accounts
- Enable logging and monitoring to detect unusual or unauthorized activity associated with service accounts
- Maintain up-to-date documentation on service account usage and configurations
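As an added illustration of the review, rotation and monitoring tips above (example code written for this page, not part of the newsletter), here is a small Python audit that checks a constructed service-account inventory against constructed login log lines; the account names, hosts, log format and 90-day rotation policy are all assumptions.

```python
import re
from datetime import date

# Constructed (hypothetical) inventory: what each service account should be doing.
INVENTORY = {
    "svc_backup": {"allowed_hosts": {"backup01"}, "password_last_set": date(2024, 1, 10), "privileges": {"backup_operator"}},
    "svc_web": {"allowed_hosts": {"web01", "web02"}, "password_last_set": date(2024, 12, 1), "privileges": {"read_db"}},
    "svc_legacy": {"allowed_hosts": {"app03"}, "password_last_set": date(2022, 3, 5), "privileges": {"domain_admin"}},
}
# Constructed login events in a made-up log format; one event per line.
LOG_LINES = """\
2025-01-14T02:00:01 LOGIN user=svc_backup host=backup01 result=success
2025-01-14T02:05:17 LOGIN user=svc_web host=web02 result=success
2025-01-14T03:12:44 LOGIN user=svc_web host=laptop-jdoe result=success
2025-01-14T04:00:00 LOGIN user=svc_unknown host=web01 result=success
""".splitlines()
LOG_RE = re.compile(r"^\S+ LOGIN user=(?P<user>\S+) host=(?P<host>\S+) result=\S+$")
MAX_PASSWORD_AGE_DAYS = 90          # rotation policy assumed for the example
REVIEW_DATE = date(2025, 1, 15)     # the day the review is run

def audit(inventory, log_lines, today=REVIEW_DATE, max_age=MAX_PASSWORD_AGE_DAYS):
    """Return sorted (account, finding) pairs for a periodic service-account review."""
    findings, seen = set(), set()
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue                       # ignore lines that are not login events
        user, host = m.group("user"), m.group("host")
        entry = inventory.get(user)
        if entry is None:                  # an account nobody documented is itself a finding
            findings.add((user, f"login from {host} by account not in inventory"))
            continue
        seen.add(user)
        if host not in entry["allowed_hosts"]:   # violates the IP/hostname restriction
            findings.add((user, f"login from unexpected host {host}"))
    for name, entry in inventory.items():
        age = (today - entry["password_last_set"]).days
        if age > max_age:                  # rotation policy not enforced
            findings.add((name, f"password not rotated for {age} days"))
        if "domain_admin" in entry["privileges"]:   # least-privilege check
            findings.add((name, "holds domain_admin; review least privilege"))
        if name not in seen:               # unused account: candidate for removal
            findings.add((name, "no logins in reviewed window; candidate for removal"))
    return sorted(findings)

if __name__ == "__main__":
    for account, finding in audit(INVENTORY, LOG_LINES):
        print(f"{account}: {finding}")
```

Pointing the same checks at a real inventory and real authentication logs turns the "periodically review" tip into a repeatable job rather than a one-off.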
Until next week. Let’s keep that zero-day count at zero!