New ransomware emerged these days called “Clop”. There’s no proven link between Clop and any other known ransomware families, although the dropped ransom note is similar with a few of them. The cybercriminals encourage the victims to contact them as soon as possible using the two email addresses (email@example.com and firstname.lastname@example.org) mentioned in the ransom note, as they claim to provide discounts of up to 50%; otherwise, the price could go up. After a few days, they claim they delete the uploaded encryption keys and recovery would be impossible.
Clop ransomware – test findings
The encryption begins as soon as the payload is launched, which in case of Clop, is usually bundled in some popular file formats used in office environments. Windows volume shadow copies of the files are also deleted. The ransomware generates a pair of encryption/decryption keys which later uploads using unencrypted connections to the command and control server. Theoretically, using network sniffing techniques, these packets could be captured and used to decrypt the files without paying the ransom. The attacked files receive the new extension “.clop”.
Clop ransomware vs Ranstop – test results
TEMASOFT Ranstop detects this version of Clop ransomware soon after it starts encrypting files. Upon detection, alerts are fired off, and the malware process is stopped and quarantined. The affected files are automatically recovered so that the user doesn’t lose any important data.
About TEMASOFT Ranstop
TEMASOFT Ranstop is an anti-ransomware software that detects present and future ransomware, based on file access pattern analysis with a high degree of accuracy. At the same time, it protects user files so that they can be restored in case of malware attacks or accidental loss.
For more information, follow us on social media and subscribe to our newsletter.