Blackpoint
Clop Ransomware Threat Profile Overview
Pages
23
Time to read
14 mins
Publication
Language
English
This document is a threat profile report on Clop ransomware, first identified in 2019. It outlines the operational style of Clop as a Ransomware-as-a-Service (RaaS) group that has evolved to focus on data extortion through large-scale supply chain attacks. The report details the group's extortion methods, particularly the use of a data leak site to threaten victims with data exposure if ransom demands are not met. It identifies the technology sector as the most frequently targeted industry and highlights the group's known associations with other ransomware operations. The document also lists various exploited vulnerabilities that Clop has utilized in its attacks, including zero-day vulnerabilities in file transfer software. Furthermore, it presents a timeline of significant attacks and law enforcement actions against Clop, emphasizing the challenges in completely dismantling such a prolific ransomware operation. The report concludes with references to known tools used by Clop operators and their operational behaviors.