Clop ransomware gang operators published proof of successful breaches of multiple large universities across the United States. The threat actors associated with Clop ransomware have been targeting Accellion FTA servers, stealing sensitive data and demanding high ransoms by employing a ‘double-extortion’ tactic to ensure payment. First, the threat actors steal sensitive corporate data from the network, then they deploy ransomware onto the network to encrypt all files, forcing the victims to make a difficult choice. Lastly, Clop ransomware gang operators target top executives and prioritize stealing data from the executives to pressure companies into paying higher ransom requests.