The Federal Bureau of Investigation (FBI) issued a high-impact threat warning to U.S. businesses and organizations on October 2, 2019. That threat was ransomware, and the FBI warned that cybercriminals “upgrade and change their techniques to make their attacks more effective and to prevent detection.” Although some dismiss ransomware as old news, the fact that the City of New Orleans recently declared a state of emergency following an attack should be proof enough that it remains a real and present danger. Now an already successful piece of ransomware, the one behind the December 23 attack that encrypted “almost all Windows systems” at Maastricht University, has evolved to become even more of a threat to Windows 10 users. Security researchers have revealed that the latest Clop ransomware variant will now terminate a total of 663 Windows processes before file encryption commences. Clop can kill a host of Windows 10 and Microsoft Office applications. Here’s what is known so far.
A brief history of Clop
Clop first emerged as a pretty straightforward variant of the CryptoMix ransomware family back in March 2019. At the time, it didn’t appear to be anything particularly out of the ordinary, not least as CryptoMix had been making a nuisance of itself since March 2016. However, even in those early days, the threat actors behind Clop were looking to tweak the malware threat: Clop started targeting entire networks rather than just individual Windows machines.
Lawrence Abrams, writing for Bleeping Computer on November 22, 2019, noted that Clop had evolved to attempt the disabling of Windows Defender, and the removal of Microsoft Security Essentials and Malwarebytes’ Anti-Ransomware protections. It was thought that the Russian-speaking TA505 threat group was behind the Clop attacks at the time. The most recently reported, and certainly the biggest, of the Clop attacks hit Maastricht University in the Netherlands on December 23, 2019…