Clop Ransomware

Caleb Boma | March 1st, 2021


Like many other threat groups, Clop ransomware uses double extortion tactics to pressure victims into paying hefty ransom demands. SpearTip’s cyber experts have seen a rise in Clop’s activity recently. This may be because international law enforcement has been quite successful in disrupting competing threat actors. While those groups have been out of the mix, Clop has filled the gap.

Clop Ransomware Targets Organizations’ CEOs

Clop was first discovered in February 2019 and eventually evolved to the point where the group demanded its first ransom payment of over $20 million in October 2020.

An unusual tactic used by Clop is targeting organizations from the top down. The group looks to target executives’ or CEOs’ machines to exfiltrate sensitive information. This is a tactic to coerce organizations’ executive teams into paying ransom demands. It’s a smart move by the threat actors because they’re likely to get more of a reaction by stealing from the employees at the top of a corporation than from any other employee in the organization.

As threat groups have moved on from random attacks aimed at larger corporations, this extortion method of targeting executives could result in a better outcome for them, considering the executive might be the person deciding whether a ransom is paid.

Threat groups will continue to evolve their tactics as time goes on, so in order to protect your environment, take the time to budget for cybersecurity. SpearTip’s Security Operations Center offers continuous monitoring of entire organizations so threat groups like Clop can’t attack your executives and coerce payments. The internal communication and collaboration of the engineers in our Security Operations Center allow for the fastest response against any lurking threat actors.

Clop’s evolution has given the group the ability to evade general security software and even disable certain security programs before any encryption occurs. This evasion is further evidence of why a Security Operations Center operating 24/7 is crucial to business success. Our ShadowSpear® Platform is a great sidekick to our certified engineers because it is more advanced than your average antivirus tools. ShadowSpear® identifies threats and notifies our team of potential intrusions before they happen. Together, the platform and our engineers work as a unit in stopping malicious cyber threats for enterprises of any size and in any industry.

SpearTip’s cyber professionals continuously monitor environments 24/7 in our US-based Security Operations Center. Our certified engineers work in unison with our proprietary endpoint detection and response tool, ShadowSpear®. This allows your organization to have direct communication with our engineers at any moment and a completely transparent view of your risk profile.

If you are experiencing a breach, please call our Security Operations Center at 833.997.7327.

