HC3 Analyst Note TLP White - CLOP Poses Ongoing Risk to HPH Organizations November 16, 2020
CLOP, a ransomware variant associated with the FIN11 threat actor group and the double extortion tactic, has previously targeted several U.S. healthcare and public health (HPH) organizations. The Australian Cyber Security Center (ACSC) published an alert notifying the Australian HPH sector of the danger posed by the SDBBot Remote Access Tool and CLOP ransomware. Researchers have also identified the CLOP operators combining the “spray and pray” approach to compromising targets with a more targeted approach, suggesting that the operators have some discretion when selecting victims. CLOP should be treated the same as any other ransomware/extortion cybercrime group when it comes to safeguarding against their attacks. Mitigations for the HPH sector can be found at the end of the report.