Clop

Cl0p (Clop) is a FIN11 ransomware family active since 2019. Sourced from GOZi. Mass data theft through MOVEit/GoAnywhere vulnerabilities. Encryption: RSA-1024 + AES, with IOCP for fast encryption.

Threat Profile
Type: Ransomware
Programming Language: C/C++
C2 Protocol: Email
First Seen: 2019
Targets: Global (Enterprise, Healthcare, Finance)
Purpose / Capabilities
  • File Encryption
  • Data Exfiltration
No C2 servers have been identified for this family yet.

Research Reports (2)

Critical

Cl0p Ransomware -- 336KB, Embedded RSA Public Key, IOCP Fast Encryption, CreateMutexA | Critical

Cl0p 336KB. Embedded RSA public key. Fast file encryption with IOCP. CreateMutexA.

Critical

Cl0p Ransomware -- 50+ Service Kill, Veeam/Acronis/Sophos/McAfee/SQL Destruction List, vssadmin Shadow Delete | Critical

Cl0p ransomware: 50+ enterprise service kill commands, destruction of Veeam/Acronis/Sophos/McAfee/MySQL/MSSQL, vssadmin shadow delete.
