The Clop Ransomware continues to evolve with a new and integrated process killer that targets some interesting processes belonging to Windows 10 apps, text editors, programming IDEs and languages, and office applications.
When the Clop Ransomware started circulating in February 2019, it was just your normal garden variety CryptoMix ransomware variant with the same features we have been seeing in this family since 2017.
In March 2019, though, the Clop Ransomware suddenly changed and began disabling services for Microsoft Exchange, Microsoft SQL Server, MySQL, BackupExec, and other enterprise software. The ransom note had also changed to indicate that the attackers were targeting an entire network rather than individual PCs.
It was determined at that time that a threat actor group known as TA505 had adopted the Clop Ransomware as their final payload of choice after compromising a network, similar to how Ryuk, BitPaymer, and DoppelPaymer were being used.
This adoption by the threat actors has most likely fueled the ransomware's development as the actors change it to fit their needs when performing network-wide encryption.
Development continued in November 2019, when a new variant was released that attempted to disable Windows Defender running on local computers so that it would not be detected by future signature updates.
These changes also coincided with the threat actors' continued targeting of companies in the Netherlands and France.
Just last month, Maastricht University (UM) in the Netherlands was infected by the Clop Ransomware.
In late December 2019, a new Clop variant was discovered by MalwareHunterTeam and reverse engineered by Vitali Kremez that improves the process termination feature; Clop now terminates 663 Windows processes before encrypting files.
It is not uncommon for ransomware to terminate processes before encrypting files as the attackers want to disable security software and do not want any files to be open as it could prevent them from being encrypted.
This new variant takes it a step further by terminating a total of 663 processes, which include new Windows 10 apps, popular text editors, debuggers, programming languages, terminal programs, and programming IDE software.
Some of the more interesting processes that are terminated include the Android Debug Bridge, Notepad++, Everything, Tomcat, SnagIt, Bash, Visual Studio, Microsoft Office applications, programming languages such as Python and Ruby, the SecureCRT terminal application, the Windows calculator, and even the new Windows 10 Your Phone app.
It is not known why some of these processes are terminated, especially ones like Calculator, Snagit, and SecureCRT, but it's possible they want to encrypt configuration files used by some of these tools.
A full list of the terminated processes can be found in Kremez's GitHub repository.
In the past, the process termination functionality was performed by a Windows batch file. By embedding this functionality into the main executable, it further signifies active development by the group.
"This change signifies that the ransomware group decided to include the "process killer" in the main bot making it a more universal Swiss-army approach rather than relying on their external libraries like "av_block" for this purpose," Kremez told BleepingComputer in a conversation.
In addition to the new and large list of targeted processes, this Clop Ransomware variant also utilizes a new .Cl0p extension, rather than the .CIop or .Clop extensions used in previous versions.
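Detection logic for the two behaviours described above (one process terminating many unrelated applications in a short window, and files carrying the .Cl0p, .CIop or .Clop extensions), added here as an example and not code from the article or from Kremez. The event tuple layout, thresholds, host names and image names are assumptions constructed for illustration; the image names are not taken from the published list of 663 processes.

```python
from collections import defaultdict, deque
from pathlib import PureWindowsPath

# Extensions named in the article (.CIop has a capital I, .Clop a lowercase L).
CLOP_EXTENSIONS = {".cl0p", ".ciop", ".clop"}

def kill_bursts(events, window_s=60, min_distinct=20):
    """Return {(host, actor)} pairs where one actor process terminated at least
    min_distinct different image names within window_s seconds.
    events: iterable of (ts_seconds, host, actor_image, terminated_image)."""
    recent = defaultdict(deque)  # (host, actor) -> deque of (ts, target)
    flagged = set()
    for ts, host, actor, target in sorted(events):
        q = recent[(host, actor)]
        q.append((ts, target.lower()))
        while ts - q[0][0] > window_s:  # drop terminations outside the window
            q.popleft()
        if len({t for _, t in q}) >= min_distinct:
            flagged.add((host, actor))
    return flagged

def clop_named(path):
    """True if the file's final extension is one of the Clop extensions."""
    return PureWindowsPath(path).suffix.lower() in CLOP_EXTENSIONS

def triage(events, file_events, **thresholds):
    """Map each host with a kill burst to its actor and any Clop-named files."""
    hits = defaultdict(list)
    for host, path in file_events:
        if clop_named(path):
            hits[host].append(path)
    return {host: {"actor": actor, "clop_files": hits.get(host, [])}
            for host, actor in kill_bursts(events, **thresholds)}

# Constructed telemetry: (seconds, host, actor image, terminated image).
SAMPLE_EVENTS = (
    [(i, "WS01", "sample_actor.exe", name) for i, name in enumerate(
        ["notepad++.exe", "python.exe", "ruby.exe", "winword.exe",
         "excel.exe", "devenv.exe"])]
    + [(10, "WS02", "taskmgr.exe", "chrome.exe"),
       (500, "WS02", "taskmgr.exe", "notepad.exe")]
    + [(i, "WS03", "devenv.exe", "msbuild.exe") for i in range(6)]
)
SAMPLE_FILES = [("WS01", r"C:\Users\a\budget.xlsx.Cl0p"),
                ("WS02", r"C:\Users\b\notes.txt")]

if __name__ == "__main__":
    print(triage(SAMPLE_EVENTS, SAMPLE_FILES, min_distinct=5))
```

Counting distinct image names rather than raw terminations keeps a build tool that repeatedly stops the same child process (WS03 in the sample) from tripping the rule.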
As Clop continues to infect organizations, and reap large ransoms for doing so, we can expect to see its development continue as the actors evolve their tactics.