Ransomware Group
Clop
Also known as: Cl0p, TA505, FIN11
Status: active • First seen 2019-02 • 3,000+ known victims
Clop is the gang behind some of the biggest data theft attacks in history. In 2023, they exploited a vulnerability in MOVEit file transfer software, affecting over 2,600 organizations including major companies and government agencies. They often don't even encrypt files anymore - they just steal data and threaten to publish it unless you pay.
Overview
Clop is a ransomware operation known for large-scale supply chain attacks, most notably the 2023 MOVEit vulnerability exploitation that impacted thousands of organizations worldwide. Unlike many ransomware groups, Clop has shifted toward pure extortion without encryption, stealing data and threatening to publish it.
Target Industries
Financial Services, Healthcare, Education, Government, Retail, Technology, Energy
How They Attack
- Exploiting zero-day vulnerabilities in file transfer applications
- Supply chain attacks through common enterprise software
- Mass exploitation campaigns
- Data exfiltration without encryption (extortion only)
- Spear-phishing campaigns
Notable Victims
MOVEit exploitation (2,600+ organizations, 2023), GoAnywhere exploitation (130+ organizations, 2023), Shell, British Airways, BBC, Multiple US federal agencies
How to Protect Against Clop
1. Inventory all file transfer software (MOVEit, GoAnywhere, etc.)
2. Apply patches to file transfer software immediately
3. Monitor for data exfiltration to unknown destinations
4. Segment file transfer systems from sensitive data
5. Enable MFA on all file transfer applications
6. Have an incident response plan for mass-exploitation events
MITRE ATT&CK Techniques