In recent years, the Clop ransomware gang has emerged as one of the most prolific and notorious cybercriminal organizations. Employing sophisticated techniques and constantly evolving their strategies, the group has successfully targeted high-profile organizations worldwide. This article aims to provide an informative profile of the Clop ransomware gang, detailing its history, operations, and recent activities.

Clop originated as a variant of the CryptoMix ransomware family and gained prominence in February 2019 when the threat group known as TA505 employed it in a large-scale spear-phishing email campaign. Operating as a ransomware-as-a-service (RaaS) model, Clop was used by a Russian-speaking group and disguised its malicious intent by utilizing verified and digitally signed binaries. This approach allowed the ransomware to evade security detection effectively. In 2020, the financially motivated hacking group FIN11 started deploying Clop ransomware, leveraging zero-day vulnerabilities in the Kiteworks file transfer appliance. These attacks involved the use of a specific web shell called “DEWMODE” for exfiltrating stolen information.