ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Report
Search
Home > List all groups > List all tools > List all groups using tool Clop

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: Clop

NamesClop
Cl0p
CategoryMalware
TypeRansomware, Big Game Hunting
DescriptionClop is a ransomware which uses the .clop extension after having encrypted the victim's files. Another unique characteristic belonging with Clop is in the string: 'Dont Worry C|0P' included into the ransom notes. It is a variant of CryptoMix ransomware, but it additionally attempts to disable Windows Defender and to remove the Microsoft Security Essentials in order to avoid user space detection.
Information<https://www.mcafee.com/blogs/other-blogs/mcafee-labs/clop-ransomware/>
<https://www.bleepingcomputer.com/news/security/clop-ransomware-now-kills-windows-10-apps-and-3rd-party-tools/>
<https://www.telekom.com/en/blog/group/article/cybersecurity-ta505-returns-with-a-new-bag-of-tricks-602104>
<https://www.cybereason.com/blog/cybereason-vs.-clop-ransomware>
<https://www.notion.so/S2W-LAB-Analysis-of-Clop-Ransomware-suspiciously-related-to-the-Recent-Incident-English-088056baf01242409a6e9f844f0c5f2e>
<https://www.telekom.com/en/blog/group/article/inside-of-cl0p-s-ransomware-operation-615824>
<https://blog.malwarebytes.com/malwarebytes-news/2021/02/clop-targets-execs-ransomware-tactics-get-another-new-twist/>
<https://unit42.paloaltonetworks.com/clop-ransomware/>
<https://www.cybereason.com/blog/cl0p-ransomware-gang-tries-to-topple-the-house-of-cards>
<https://www.sentinelone.com/labs/cl0p-ransomware-targets-linux-systems-with-flawed-encryption-decryptor-available/>
<https://flashpoint.io/blog/clop-ransomware-threat/>
<https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-158a>
<https://www.darkreading.com/dr-tech/cl0p-in-your-network-how-to-find-out>
<https://www.fortinet.com/blog/threat-research/ransomware-roundup-cl0p>
<https://vulnerability.circl.lu/vuln/gcve-1-2025-0002>
MITRE ATT&CK<https://attack.mitre.org/software/S0611/>
Malpedia<https://malpedia.caad.fkie.fraunhofer.de/details/win.clop>
AlienVault OTX<https://otx.alienvault.com/browse/pulses?q=tag:Clop>
Playbook<https://pan-unit42.github.io/playbook_viewer/?pb=clop-ransomware>
<https://www.sentinelone.com/labs/cl0p-ransomware-targets-linux-systems-with-flawed-encryption-decryptor-available/>

Last change to this tool card: 16 August 2025

Download this tool card in JSON format

All groups using tool Clop

ChangedNameCountryObserved

APT groups

XCarbanak, AnunakUkraine2013-Apr 2023X
 FIN11[Unknown]2016-Mar 2025X

2 groups listed (2 APT, 0 other, 0 unknown)

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents
Telephone +66 (0)2-123-1227
E-mail [email protected]