The infamous Clop ransomware has made a major comeback. The new Clop strain includes a brand-new, integrated process killer that targets processes associated with Windows 10 applications, text editors, programming languages and Microsoft Office applications.
Cyber-security researchers have found the latest Clop variant attempting to stop and remove antivirus solutions and other native security tools on the affected Windows machines. It terminates 663 Windows processes before encrypting the files and appending its .clop extension to them.
Victims around the world are looking for Clop ransomware removal instructions and ways to prevent it from attacking their systems again.
Here is what cyber-security analysts know about Clop so far.
Clop ransomware first appeared on 10th February 2019. It looked like an ordinary CryptoMix ransomware variant and showed all the prominent features of CryptoMix. It targeted images, audio files, video files, text files and databases and encrypted them with a highly complex encryption algorithm. The encrypted files had the .clop extension appended and became inaccessible to their users.
However, cyber-security analysts observed a sudden change in Clop's behavior in March 2019. It was seen disabling services for various applications, including BackupExec, MySQL, Microsoft SQL Server and Microsoft Exchange. It began to target entire networks rather than individual Windows machines.
The March 2019 Clop attack confirmed that a group of hackers known as TA505 was deploying it as the final payload after a network had been compromised. Other crypto-viruses prevalent during this time were Ryuk, BitPaymer and DoppelPaymer.
The adoption of Clop by TA505 paved the way for further development of the ransomware. The group customized Clop to perform network-wide encryption.
A new variant of Clop appeared in November 2019. It attempted to disable Windows Defender and removed a myriad of Microsoft Security Essentials and antivirus programs so as to avoid detection by future security updates.
It would run a small program and configure various Registry values to render security tools and Windows Defender inoperative before encrypting the files on the infected Windows machine. It would disable Tamper Protection, cloud detections and real-time protection.
Russian-speaking hacker group TA505 was suspected to be the threat actor behind the attacks.
The most recent Clop attack was reported last month at Maastricht University in the Netherlands.
A brand-new Clop variant was discovered by a team of cyber-security analysts in late December 2019. It is capable of terminating 663 Windows processes before it encrypts files.
It is common for ransomware programs to terminate vital processes, and Clop disables security software because it could hinder the encryption process.
Now Clop has taken this a step further: it terminates a total of 663 Windows processes on the infected PC before proceeding with encryption of the targeted files.
These processes include new Windows 10 applications, popular text editors, debuggers and programming languages.
Other processes that the new Clop variant is capable of terminating include:
While the reason for targeting processes such as Calculator and Snagit is still unknown, it is suspected that the attackers intended to encrypt the configuration files used by these processes.
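As an added example (not from the original article or the researchers it cites), one way a defender could flag the mass process termination described above is a sliding-window count of distinct terminated process images per host. The event tuples, host names, window and threshold are constructed assumptions; real input could come from process-termination telemetry such as Sysmon Event ID 5.

```python
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta


def find_termination_bursts(events, window=timedelta(seconds=30), min_distinct=20):
    """Return one (host, start, end, peak_distinct) tuple per burst in which a host
    terminates at least `min_distinct` different process images within `window`.
    `events` is an iterable of (timestamp, host, image_name); thresholds are assumptions."""
    per_host = defaultdict(list)
    for ts, host, image in events:
        per_host[host].append((ts, image.lower()))

    bursts = []
    for host, rows in per_host.items():
        rows.sort()
        recent, counts, current = deque(), Counter(), None
        for ts, image in rows:
            recent.append((ts, image))
            counts[image] += 1
            # Drop events that have fallen out of the sliding window.
            while ts - recent[0][0] > window:
                _, old_image = recent.popleft()
                counts[old_image] -= 1
                if counts[old_image] == 0:
                    del counts[old_image]
            if len(counts) >= min_distinct:
                if current is None:  # a new burst starts at the oldest event in the window
                    current = [host, recent[0][0], ts, len(counts)]
                current[2] = ts
                current[3] = max(current[3], len(counts))
            elif current is not None:  # burst ended, emit a single alert for it
                bursts.append(tuple(current))
                current = None
        if current is not None:
            bursts.append(tuple(current))
    return bursts


def build_sample_events():
    """Constructed telemetry: WS-01 shows normal churn, WS-02 ends 40 distinct images in 8 s."""
    t0 = datetime(2020, 1, 6, 9, 0, 0)
    normal = [(t0 + timedelta(minutes=i), "WS-01", f"app{i % 5}.exe") for i in range(30)]
    burst = [(t0 + timedelta(milliseconds=200 * i), "WS-02", f"proc{i}.exe") for i in range(40)]
    return normal + burst


if __name__ == "__main__":
    for host, start, end, peak in find_termination_bursts(build_sample_events()):
        print(f"{host}: {peak} distinct processes terminated between {start} and {end}")
```

Counting distinct image names rather than raw terminations keeps a single application that restarts repeatedly from triggering the alert.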
Besides introducing the new process killer feature, this Clop variant also uses a new .Clop extension rather than the extensions used in its previous versions.
Clop is infecting organizations and generating enormous illicit revenue, and it is expected to undergo further significant development as the hackers behind it continue to evolve their strategies.