The Clop ransomware gang has returned with a new mass-exploitation campaign, this time targeting a zero-day vulnerability (CVE-2025-7788) in “SafeMove,” a popular managed file transfer (MFT) solution used by enterprises to share sensitive data.
Business Impact
Similar to the MOVEit attacks of 2023, this is a mass data theft event. Organizations using SafeMove likely have highly sensitive data (PII, financial records, intellectual property) currently being exfiltrated by the terabyte, leading to massive regulatory and extortion risks.
Why It Happened
Clop specializes in finding SQL injection vulnerabilities in internet-facing MFT appliances. Exploiting such a flaw allows them to bypass authentication and query the database directly to download all stored files.
Recommended Executive Action
If your organization uses SafeMove, take it offline immediately. Do not wait for a patch. Assume all data on the appliance has been stolen. Activate your incident response plan and engage legal counsel regarding breach notification requirements.
