The Indian Computer Emergency Response Team (CERT-In) recently notified Windows users about CLOP, a new ransomware that can be distributed through fake software updates, trojans, spam emails, cracks and unofficial software downloads. Once a user’s system is compromised, information is leaked if the ransomware negotiations fall through.
Comment from Adam Palmer, Chief Cybersecurity Strategist at Tenable:
“CLOP appears to have been recognised by security researchers since 2019 as a variant of other common malware attacks. The reality is that monetisation of ransomware is the result of poor cyber hygiene practices such as failing to patch exploitable vulnerabilities and avoiding the common methods by which this malware is distributed – phishing emails, preventing unofficial software updates or downloads, and so on. Security experts suspect that the bug (CVE-2019-19781) in the Citrix NetScaler ADC VPN gateway was used to carry out the attack, so it’s important users patch this vulnerability immediately.
Victims should avoid bending over backwards to meet ransomware demands and only make payment as a last resort. Remember that you’re dealing with untrustworthy criminals and that means payment does not always guarantee access to data or that these criminals won’t try to pull the same trick again. Payment also perpetuates the crime as it continues to be a revenue stream for the attackers.” – Adam Palmer, Chief Cybersecurity Strategist at Tenable.