Swire Pacific Offshore

On 25 November 2021, the marine services provider SPO fell victim to a CLOP ransomware attack orchestrated by the Russia-based CLOP Gang. The attack involved the encryption of files using a variant of the CryptoMix ransomware family, which exploited vulnerabilities to bypass security measures. The attackers exfiltrated sensitive employee data, including full names, company details, locations, phone numbers, email addresses, bank information, and passport scans. The breach primarily affected 2,500 employees across 18 countries, with the highest concentration of victims in Singapore and Malaysia, followed by China, the Philippines, and the UK. The compromised records belonged to both the seafaring and onshore workforce, exposing personal and financial details.

While the attack did not disrupt SPO’s global operations, the exposure of such data poses significant risks, including identity theft, financial fraud, and reputational damage. SPO responded by strengthening security protocols, collaborating with cybersecurity experts to investigate the incident, and implementing measures to mitigate future risks. The motive behind the attack remains unclear, but the data theft and ransomware deployment indicate a targeted effort to exploit sensitive corporate and employee information for potential extortion or malicious use.

Source: https://www.bleepingcomputer.com/news/security/marine-services-provider-swire-pacific-offshore-hit-by-ransomware/

TPRM report: https://www.rankiteo.com/company/swire-energy-services

"id": "swi335092125",
"linkid": "swire-energy-services",
"type": "Ransomware",
"date": "11/2021",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'customers_affected': 'no',
                        'industry': 'marine services',
                        'location': ['Singapore',
                                     'Malaysia',
                                     'China',
                                     'Philippines',
                                     'United Kingdom'],
                        'name': 'SPO (marine services provider)',
                        'type': 'private company'}],
 'data_breach': {'data_encryption': 'yes (CLOP ransomware)',
                 'data_exfiltration': 'yes (screenshots released by threat '
                                      'actor)',
                 'number_of_records_exposed': 2500,
                 'personally_identifiable_information': 'yes',
                 'sensitivity_of_data': 'high',
                 'type_of_data_compromised': ['personally identifiable '
                                              'information (PII)',
                                              'financial data',
                                              'passport scans']},
 'date_detected': '2021-11-25',
 'description': 'An attack on the IT systems of marine services provider SPO '
                'occurred on 25 November 2021, involving the CLOP ransomware '
                'variant deployed by the Russian-based CLOP Gang. The group '
                'claimed responsibility and released screenshots of stolen '
                'data, which included sensitive employee information such as '
                'full names, company details, locations, phone numbers, email '
                'addresses, bank details, and passport scans. The attack '
                'primarily impacted employees in Singapore and Malaysia, with '
                'additional records from China, the Philippines, and the UK. A '
                'total of 2,500 individuals (seafaring and onshore workforce '
                'across 18 countries) were exposed. The incident did not '
                "significantly disrupt SPO's global operations. The company is "
                'collaborating with data security specialists to investigate '
                'and enhance security measures.',
 'impact': {'data_compromised': ['full names',
                                 'company name',
                                 'locations',
                                 'phone numbers',
                                 'email addresses',
                                 'bank details',
                                 'passport scans'],
            'identity_theft_risk': 'high (due to exposed PII and passport '
                                   'scans)',
            'operational_impact': 'no significant impact on global operations',
            'payment_information_risk': 'high (bank details exposed)'},
 'investigation_status': 'ongoing (collaborating with data security '
                         'specialists)',
 'post_incident_analysis': {'corrective_actions': 'strengthening security '
                                                  'measures'},
 'ransomware': {'data_encryption': 'yes',
                'data_exfiltration': 'yes',
                'ransomware_strain': 'CLOP (CryptoMix family)'},
 'response': {'containment_measures': 'strengthened security measures',
              'incident_response_plan_activated': 'yes',
              'third_party_assistance': 'data security specialists'},
 'threat_actor': 'CLOP Gang',
 'title': 'Ransomware Attack on Marine Services Provider (SPO) by CLOP Gang',
 'type': 'ransomware'}