Caleb Boma | March 1st, 2021

Like many other threat groups, Clop ransomware uses double extortion tactics to pressure victims into paying hefty ransom demands. SpearTip’s cyber experts have seen a rise in Clop’s activity recently. This rise may be because international law enforcement has been quite successful in disrupting competing threat actors. While those groups have been out of the mix, Clop has filled the gap.

Clop was first discovered in February of 2019 and eventually evolved to the point where they demanded the first ransomware payment over $20 million in October of 2020.

An unusual tactic used by Clop is targeting organizations from the top down. They look to target executives’ or CEOs’ machines to exfiltrate sensitive information. This is a tactic to coerce the executive teams in organizations to pay ransom demands. It’s a smart move by the threat actors because they’re likely to get more of a reaction by stealing from the employees at the top of a corporation than from any other employee in the organization.

As threat groups have moved on from random attacks and taken aim at larger corporations, this extortion method of targeting executives could result in a better outcome for them, considering the executive might be the person deciding whether a ransom is paid.

Threat groups will continue to evolve their tactics as time goes on, so in order to protect your environment, take the time to budget for cybersecurity. SpearTip’s Security Operations Center offers continuous monitoring of entire organizations so threat groups like Clop can’t attack your executives and coerce payments. The internal communication and collaboration of the engineers in our Security Operations Center allows for the fastest response against any lurking threat actors.

Clop’s evolution has given them the ability to evade general security software and even disable certain security programs before any encryption occurs. This evasion is further evidence of why a Security Operations Center operating 24/7 is crucial to business success. Our ShadowSpear® Platform is a great sidekick to our certified engineers because it is more advanced than your average antivirus tools. ShadowSpear® identifies threats and notifies our team of potential intrusions before they happen. This interwoven tandem works as a unit in stopping malicious cyber threats for enterprises of any size and in any industry.

SpearTip’s cyber experts continuously monitor environments 24/7 in our US-based Security Operations Center. Our certified engineers work in unison with our proprietary endpoint detection and response tool, ShadowSpear®. This allows your organization to have direct communication with our engineers at any moment and a completely transparent view of your risk profile.

If you are experiencing a breach, please call our Security Operations Center at 833.997.7327.