Cl0p Ransomware: Active Threat Plaguing Businesses Worldwide

Category: Ransomware News | Industries: Construction, Education, Energy, Financial Services, Government, Healthcare, Pharmaceutical, Professional Services, Technology, Telecommunications, Transportation | Level: Strategic | Source: Cyble

Since its emergence in 2019, the Cl0p Ransomware-as-a-Service (RaaS) group has established itself as a significant cyber threat, gaining notoriety for its malicious activities. One of the group's most vicious campaigns was the exploit of Fortra GoAnywhere MFT vulnerability (CVE-2023-0669) resulting in the compromise of several large companies, with the ransomware gang claiming to have breached at least 130 companies. Cl0p's activities are frequently linked to Russian affiliates, and its malware is often used in campaigns by groups like FIN11. Researchers from Cyble Research and Intelligence Labs (CRIL) tracked the industry’s most heavily targeted by the gang to be information technology, financial services, healthcare, and professional services. By country, the Cl0p operators heavily favor organizations located in the United States followed by entities located in the United Kingdom and Germany. Despite already being a significant threat, Cl0p has recently expanded its arsenal by adding a Linux encryptor, allowing them to target an even larger number of organizations.

‍