Clop ransomware looks to target Windows 10 apps


A new variant of the Clop ransomware which targets Windows 10 apps such as text editors and office applications as well as other processes has been discovered in the wild.

When the Clop ransomware first appeared in February of 2019, it was just a CryptoMix ransomware variant that had many features seen in other types of malware. However, in March, the ransomware changed suddenly and began disabling services for Microsoft Exchange, Microsoft SQL Server, MySQL and other enterprise software.

The ransom note left by Clop also changed to indicate that the attackers behind it had begun to target entire networks as opposed to individual machines. At that time, it was also determined that the threat actor group called TA500 had adopted the Clop ransomware as its preferred final payload after compromising a network.

Then, only a few months ago in November, a new variant of the ransomware was released that tried to disable Windows Defender on local machines so that it would remain undetected even after future signature updates.

Clop ransomware evolved

The latest evolution of the Clop ransomware was discovered in December of last year by MalwareHunterTeam and reverse engineered by ethical hacker Vitali Kremez.

The ransomware now sports an improved process termination feature that terminates 663 Windows processes before encrypting files. Cybercriminals often have their ransomware terminate processes before encrypting files in an effort to disable security software, but the latest variant of Clop takes things a step further.

The Clop ransomware now terminates even more processes, including new Windows 10 apps, popular text editors, debuggers, programming languages, terminal programs and programming IDE software. Other processes that are terminated include Microsoft Office applications, the Windows calculator, Notepad++ and even the new Windows 10 Your Phone app. For those interested in learning more, a full list of the terminated processes is available in Kremez's GitHub repository.
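As an added, defender-side illustration (not code from the article or from Kremez's repository), the following Python flags a process that requests PROCESS_TERMINATE access on many other processes within a short window, the telemetry footprint of a pre-encryption process kill like the one described above. It reads constructed records shaped like Sysmon Event ID 10 (ProcessAccess) fields; the file paths, the `update.exe` suspect and the thresholds are assumptions.

```python
"""Detection sketch: find a process that requests PROCESS_TERMINATE on many
other processes within a short window, the pattern of a ransomware
pre-encryption process kill. Input is Sysmon Event ID 10 (ProcessAccess)
fields; the records below are constructed samples, not real telemetry."""
from collections import defaultdict
from datetime import datetime, timedelta

PROCESS_TERMINATE = 0x0001  # bit in GrantedAccess meaning the handle may terminate the target

def _ev(t, src, dst, access):
    return {"UtcTime": t, "SourceImage": src, "TargetImage": dst, "GrantedAccess": access}

# Constructed samples. Temp\update.exe is the hypothetical suspect; the target
# names echo the kinds of software the article says the variant kills.
SUSPECT = r"C:\Users\bob\AppData\Local\Temp\update.exe"
SAMPLE_EVENTS = [
    _ev("2020-01-06 10:00:01", SUSPECT, r"C:\Program Files\Notepad++\notepad++.exe", "0x1"),
    _ev("2020-01-06 10:00:01", SUSPECT, r"C:\Windows\System32\calc.exe", "0x1"),
    _ev("2020-01-06 10:00:02", SUSPECT, r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE", "0x1001"),
    _ev("2020-01-06 10:00:02", SUSPECT, r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE", "0x1001"),
    _ev("2020-01-06 10:00:03", SUSPECT, r"C:\Program Files\WindowsApps\YourPhone.exe", "0x1"),
    _ev("2020-01-06 10:00:03", SUSPECT, r"C:\Program Files\Windows Defender\MsMpEng.exe", "0x1"),
    # Task Manager ending one hung app: a single PROCESS_TERMINATE open, benign.
    _ev("2020-01-06 10:05:00", r"C:\Windows\System32\Taskmgr.exe", r"C:\Windows\System32\notepad.exe", "0x1"),
    # An inventory tool querying many processes without the terminate bit (0x1000 = QUERY_LIMITED_INFORMATION).
    _ev("2020-01-06 10:06:00", r"C:\Program Files\Inventory\inv.exe", r"C:\Windows\System32\calc.exe", "0x1000"),
    _ev("2020-01-06 10:06:00", r"C:\Program Files\Inventory\inv.exe", r"C:\Windows\explorer.exe", "0x1000"),
]

def mass_terminate_sources(events, threshold=5, window=timedelta(seconds=10)):
    """Return {SourceImage: sorted distinct TargetImages} for every source that
    opened at least `threshold` distinct targets with PROCESS_TERMINATE inside `window`."""
    per_source = defaultdict(list)
    for ev in events:
        if int(ev["GrantedAccess"], 16) & PROCESS_TERMINATE:
            ts = datetime.strptime(ev["UtcTime"], "%Y-%m-%d %H:%M:%S")
            per_source[ev["SourceImage"]].append((ts, ev["TargetImage"]))
    hits = {}
    for src, opens in per_source.items():
        opens.sort()  # sliding window over time-ordered opens
        start = 0
        for end in range(len(opens)):
            while opens[end][0] - opens[start][0] > window:
                start += 1
            targets = {t for _, t in opens[start:end + 1]}
            if len(targets) >= threshold and len(targets) > len(hits.get(src, ())):
                hits[src] = sorted(targets)  # keep the largest qualifying window
    return hits

if __name__ == "__main__":
    for src, targets in mass_terminate_sources(SAMPLE_EVENTS).items():
        print(f"{src} requested PROCESS_TERMINATE on {len(targets)} processes: {targets}")
```

The benign cases show why both conditions matter: Task Manager ending one program and a tool that only queries processes (no terminate bit) never reach the threshold.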

Now that Clop has begun to successfully target enterprises' entire networks, expect its development to continue with new variants better designed to bypass users' security software.

Via BleepingComputer

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 
