Clop Ransomware Resurfaces – 21 Victims in a Month and Counting

Ransomware attacks are definitely on the rise, targetting big companies and facilities all over the world. Many ransomware gangs have down their entire operations in the past few months, but only a few of them remained null. A while ago, AvosLocker resurfaced with new malicious techniques. Now, Clop decided to make a comeback with a bang, harnessing 21 victims within a month.

The ransomware was considered gone back in March. However, with such a return in the next month, it surely made an impact as its “leak site” is more active than ever.

So, we have to ask: Does this mean Clop is shutting down its operation after being inactive for so long? Are they just leaking past victims’ data to round up everything? Find out in the following article.

Clop Ransomware – Back with a Bang!

For a ransomware gang that has been out of the scene for quite some time, this may pose a huge threat to many individuals.

Based on research, Clop was one of the least visible ransomware gangs back in March 2022. However, within a couple of days, it got a huge boost, going all the way up to number 4.

According to NCC Group:

“CL0P had an explosive and unexpected return to the forefront of the ransomware threat landscape, jumping from the least active threat actor in March to the fourth most active in April.”

As mentioned, the research group noticed activity after the ransomware group published leaked data of 21 new victims on their data leak site within one month – April.

The group stated exactly what piqued its interest. Apparently, back in March, CLOP wasn’t even on the radar, with only a single victim.

Now, it joined the big leagues such as Lockbit 2.0 and Conti. While these two have 103 and 45 victims respectively, the number 21 is still quite high for a ransomware group that hasn’t been seen lately.

“There were notable fluctuations in threat actor targeting in April. While Lockbit 2.0 (103 victims) and Conti (45 victims) remain the most prolific threat actors, victims of CL0P increased massively, from 1 to 21.”

As you can see in the graph above, CLOP did go under the radar for some time. Its activity did spike out of nowhere in the month of April.

CLOP Says Goodbye? A Farewell Gift?

So, with such a sudden high number, do we assume that CLOP is shutting down for good? You see, a few of these Clop victims are definitely new.

However, most of the data they leaked belongs to previously unpublished victims. We have to state that as we compare the group’s action to what Conti’s been up to.

Conti – one of the biggest ransomware gangs in the world – is shutting down. However, it’s not parting ways without doing some extra damage to the community.

While some of the recent victims are confirmed to be new attacks, one theory is that the Clop gang might finally be shutting down their operation after being inactive for so long.

The group leaked data it previously obtained as a farewell gift. Could CLOP be doing the same? Everything will be confirmed in upcoming breach notifications or publish confirmations – if they release any.

Clop Bids Goodbye with a Ransom

Clop is known to have targeted multiple victims across the world, including Maastricht University, Software AG IT, ExecuPharm, and Indiabulls.

The group was presumed to be shut down, following an international law enforcement operation codenamed Operation Cyclone coordinated by the INTERPOL.

Apparently, that wasn’t enough to cease the group’s activity. Now, whether it’s a “Last Stand” move or not, the group did huge damage. We’ll see n the upcoming weeks if CLOP is proceeding with its malicious activities or terminating everything.