Clop Ransomware

    Clop is a ransomware that encrypts data, renaming each file by appending the .clop extension.

    The history of Clop ransomware

    Clop ransomware first emerged in 2019, when it became a prevalent threat to organizations and businesses. Clop ransomware encrypts the victims files and threatens to leak the confidential information if no ransom is paid.

    To date, it is estimated Clop ransomware has successfully extorted more than $500 million from various organizations, including multinational energy companies and at least two prominent United States universities.

    In this article we will cover what Clop ransomware and its variants are, what threats they can pose to your organization, and how you can prevent Clop ransomware attacks.




    What is Clop ransomware?

    Clop is a variant of CryptoMix Ransomware that encrypts data, renaming each file by appending the .clop extension to encrypted files. Its name comes from the Russian word “klop” meaning bed bug. One of the more sophisticated aspects of Clop ransomware attempts to disable Windows Defender and to remove the Microsoft Security Essentials. This helps Clop covertly infiltrate the victim’s system.

    Clop ransomware operating model

    Clop ransomware typically goes after assets like data backups, vouchers, email lists, financial records, or other confidential information. Once Clop gains access to the data, the cybercriminals often leak portions of it to prove that they have access, and threaten to leak more if the ransom is not paid.

    Clop ransomware variants

    Clop ransomware has launched several known variants that fundamentally harm organizations in the same ways, but their technical delivery methods become more sophisticated with each new variant. One of the tell-tale signs of a new variant has been the file extension names, which have been documented to appear as “CIIp”, “.Cllp”“.C_L_O_P” “ClopReadMe.txt”, “README_README.txt”, “Cl0pReadMe.txt“ and “READ_ME_!!!.TXT”.


    Who does Clop ransomware target?

    Clop ransomware is known as a “big game hunter” which means the cybercriminals behind Clop often target organizations with large budgets and demand high ransoms, some as high as $20 million.


    How is Clop ransomware spread?

    Clop ransomware is typically spread with phishing campaigns, which disguise malicious links as legitimate emails or software updates.


    How can you remove Clop ransomware?

    It is possible to remove Clop ransomware with a decryption key, which are best obtained from law enforcement agencies after reporting any ransomware attack(s) in your organization.

    It is not advisable to pay ransom to cybercriminals, as this does not guarantee access to your data or files will be restored.


    How to prevent Clop ransomware

    Ideally your organization will never have to deal with the consequences of suffering a ransomware attack because it will have the right cybersecurity protocols in place to prevent ransomware attacks.

    Try on Mimecast for your organization by getting a customized plan and quote.

    Haut de la page