HC3 TLP White Analyst Note: CLOP Poses Ongoing Risk to HPH Organizations March 23, 2021

At a Glance

CLOP is a ransomware variant associated with the FIN11 threat actor group and the double extortion tactic. It has previously been used to target several U.S. HPH organizations. Researchers have also identified the CLOP operators combining the “spray and pray” approach to compromising targets with a more targeted approach, suggesting that the operators have some discretion when selecting victims. In December 2020, CL0P operators discovered multiple zero-day vulnerabilities affecting the Accellion File Transfer Appliance (FTA) product and began targeting its users. CLOP should be treated the same as any other ransomware/extortion cybercrime group when it comes to safeguarding against its attacks. Mitigations for the HPH sector can be found at the end of the report.

View the entire report under Key Resources