Clop Ransomware Has Returned and Is Busier than Ever

NCC Group security experts said that the Clop ransomware gang has returned following the shutting down of their entire operation for four months between November and February.

CL0P had an explosive and unexpected return to the forefront of the ransomware threat landscape, jumping from the least active threat actor in March to the fourth most active in April.


More on Clop Ransomware

Clop Ransomware belonging to a popular Cryptomix ransomware family is a dangerous file-encrypting virus that actively avoids security systems and encrypts the saved files by planting the .Clop extension. It exploits AES cipher to encrypt pictures, videos, music, databases papers, and attach.CLOP or .CIOP file extension, which prevents victims from accessing personal data. For example,  “sample.jpg” is renamed to “sample.jpg.Clop”. This way, the victims are compelled to pay the ransom within a certain time frame in exchange for the alleged recovery of their data.

Clop ransomware is one of the worst computer threats that makes entries in the Windows Registry to attain durability and could start or restrain processes in a Windows domain to stay hidden from the usual antivirus program and computer user.

Impacted Sectors

This increase in activity was observed after the ransomware organization added 21 new victims to their data

Read More: