
Name: Clop Ransomware
Additional Names: Cl0p
Type of Malware: Ransomware
Location – Country of Origin: Russia
Date of initial activity: 2019
Associated Groups: Cryptomix ransomware family, Clop, TA505 threat actor
Motivation: Attacking various sectors for financial gain.
Attack Vectors: Spam email attachments, trojans, hyperlinks, cracks, unprotected Remote Desktop Protocol (RDP) connection, infected websites, etc.
Targeted System: Any system connected to the Internet
Overview
This malware encrypts your files and demands a ransom payment to have them decrypted. It is one of the most dangerous and feared ransomware variants, and it mostly targets Windows users. This advanced security threat starts by blocking most Windows processes, so you will not detect the encryption while it is happening. It also disables most essential security applications, such as Windows Defender, so your computer will have no chance of protecting the files from encryption.
Targets
Attacking various sectors for financial gain and encrypting assets in corporate networks.
Tools / Techniques Used
Clop ransomware
Impact / Significant Attacks
A significant attack on a South Korean retailer, in which the attackers demanded a $40 million ransom and threatened to leak 2 million cards if the negotiation failed.
References
The post Clop Ransomware – Malware first appeared on CyberMaterial.


