After shutting down their entire operation for several months,
between November and February, Clop ransomware is now back, according to NCC Group researchers.
“CL0P has had an explosive and unexpected return to the forefront of the ransomware threat landscape,
leaping from the least threat actor in March to the fourth most active actor in April,” NCC Group said.
This spike in activity was noticed after the ransomware group added 21 new victims to their data leak site within one month, in April.
The NCC Group added: “There was a marked fluctuation in actor targeting in April.
While Lockbit 2.0 (103 victims) and Conti (45 victims) remain the most prevalent threat,
CL0P casualties increased dramatically, from 1 to 21.”
The most targeted sector in Clop was the industrial sector,
with 45% of Clop ransomware attacks targeting industrial enterprises and 27% targeting technology companies.
For this reason, Matt Hull, head of global intelligence on strategic threats for the NCC Group,
has warned organizations within the ransomware group’s most targeted sectors to consider the possibility of being the next target for this gang and prepare accordingly.
However, even though data has already been leaked from nearly two dozen victims,
the ransomware suite does not appear to be very active based on the number of submissions on the ID ransomware service.
