A version of the Clop ransomware designed for Linux systems was aimed at universities and colleges but had flaws

On December 26, researchers observed the first Clop ransomware variant targeting Linux systems. Clop has been around since 2019, attacking large companies, financial institutions, primary schools, and critical infrastructure around the world. After the group targeted several major South Korean companies in November 2020, several people connected to the group were arrested in Kyiv, Ukraine. These people had laundered more than $500 million from Clop and another ransomware group. The Linux variant of Clop was mainly used to target educational institutions, but it had issues that defenders could exploit to help victims. This allowed researchers to create a decryptor tool. The Linux version of Clop was in an early stage of development, suggesting that the threat actors were still manually operating and tweaking the ransomware to target specific victims. The Windows version of Clop allowed the ransomware group to list out what folders and files should not be encrypted, but that functionality was not seen with the Linux version. The Linux version was used to target specific folders and all file types. The Linux version also leaves the ransom note in a .txt format while the Windows version leaves the ransom note in . SentinelLabs expects future versions of the Linux variant to start eliminating those differences and for each updated functionality to be applied in both variants simultaneously. Ransomware groups are constantly looking for new targets and methods to maximize their profits. Linux and cloud devices are widely used in enterprise environments, making them attractive targets for ransomware attacks. Therefore, ransomware groups targeting Linux and cloud systems is a natural progression in their quest for higher profits and easier targets.

This Cyber News was published on therecord.media. Publication date: Wed, 08 Feb 2023 17:14:02 +0000


Cyber News related to A version of the Clop ransomware designed for Linux systems was aimed at universities and colleges but had flaws

A version of the Clop ransomware designed for Linux systems was aimed at universities and colleges but had flaws - On December 26, researchers observed the first Clop ransomware variant targeting Linux systems. Clop has been around since 2019, attacking large companies, financial institutions, primary schools, and critical infrastructure around the world. After ...
1 year ago Therecord.media
CVE-2024-36886 - In the Linux kernel, the following vulnerability has been resolved: ...
3 months ago
The Top 10 Ransomware Groups of 2023 - This article takes an in-depth look at the rise in ransomware attacks over the past year and the criminal groups driving the surge in cyber extortion. LockBit has established itself as one of the most notorious ransomware operations since emerging on ...
8 months ago Securityboulevard.com
Vulnerability Summary for the Week of March 11, 2024 - Published 2024-03-15 CVSS Score not yet calculated Source & Patch Info CVE-2021-47111416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - Product linux - linux Description In the ...
6 months ago Cisa.gov
Vulnerability Summary for the Week of March 4, 2024 - Published 2024-03-06 CVSS Score not yet calculated Source & Patch Info CVE-2023-52584416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - ...
7 months ago Cisa.gov
The Clop Ransomware Vulnerability Enabled Linux Users to Retrieve Their Files for an Extended Period of Time - The Clop ransomware gang has recently been spotted using a malware variant that is specifically designed to target Linux servers. However, a flaw in the encryption scheme has allowed victims to recover their files without paying the criminals any ...
1 year ago Bleepingcomputer.com
Multiple colleges, K-12 schools facing outages after cyberattacks - Several K-12 schools, colleges and universities are dealing with significant technology outages due to cyberattacks this week. A spokesperson for North Carolina Central University told Recorded Future News that the school was alerted to a cyberattack ...
10 months ago Therecord.media
The Week in Ransomware - An international law enforcement operation claims to have dismantled a ransomware affiliate operation in Ukraine, which was responsible for attacks on organizations in 71 countries. The threat actors are said to be affiliates of numerous ransomware ...
10 months ago Bleepingcomputer.com
Schools in Maine, Indiana and Georgia contend ransomware attacks - Colleges and K-12 schools in several states are dealing with ransomware incidents causing outages and leaking sensitive data - a continuation of a trend that has affected campuses nationwide throughout the year. Henry County Schools - a district an ...
10 months ago Therecord.media
Hive Ransomware: A Detailed Analysis - This past week, on January 26th, to be exact, the FBI successfully shut down the Hive ransomware group and saved victims over a hundred million dollars in ransom payments and remediation costs. As ransomware continues to be a national security threat ...
1 year ago Heimdalsecurity.com
Top 10 Notorious Ransomware Gangs of 2023 - By employing a multitude of advanced techniques like double extortion along with other illicit tactics, ransomware groups are continually evolving at a rapid pace. Here below, we have mentioned all the types of ransomware used by the threat actors ...
9 months ago Cybersecuritynews.com
Cisco Talos Report: New Trends in Ransomware, Network Infrastructure Attacks, Commodity Loader Malware - The Cisco Talos Year in Review report released Tuesday highlights new trends in the cybersecurity threat landscape. We'll focus on three topics covered: the ransomware cybercriminal ecosystem, network infrastructure attacks and commodity loader ...
10 months ago Techrepublic.com
Medusa Ransomware Turning Your Files into Stone - Unit 42 Threat Intelligence analysts have noticed an escalation in Medusa ransomware activities and a shift in tactics toward extortion, characterized by the introduction in early 2023 of their dedicated leak site called the Medusa Blog. The Unit 42 ...
9 months ago Unit42.paloaltonetworks.com
Ransomware Roundup - The Ransomware Roundup report aims to provide readers with brief insights into the evolving ransomware landscape and the Fortinet solutions that protect against those variants. This edition of the Ransomware Roundup covers the 8base ransomware. 8base ...
9 months ago Feeds.fortinet.com
Declining Ransomware Payments: Shift in Hacker Tactics? - Several cybersecurity advisories and agencies recommend not caving into ransomware gangs' demands and paying their ransoms. It seems the tide is turning, with a decline in ransomware payments; this article explores the trend and what it might mean ...
7 months ago Securityboulevard.com
Dozens of countries will pledge to stop paying ransomware gangs - An alliance of 40 countries will sign a pledge during the third annual International Counter-Ransomware Initiative summit in Washington, D.C., to stop paying ransoms demanded by cybercriminal groups. Addressing reporters on Monday, Anne Neuberger, ...
10 months ago Bleepingcomputer.com
Ransomware trends and recovery strategies companies should know - Ransomware attacks can have severe consequences, causing financial losses, reputational damage, and operational disruptions. The methods used to deliver ransomware vary, including phishing emails, malicious websites, and exploiting vulnerabilities in ...
9 months ago Helpnetsecurity.com
The Week in Ransomware - Governments struck back this week against members of ransomware operations, imposing sanctions on one threat actor and sentencing another to prison. On Tuesday, the Australian, US, and UK governments announced sanctions against Aleksandr Gennadievich ...
8 months ago Bleepingcomputer.com
Key Group uses leaked builders of ransomware and wipers | Securelist - The first discovered sample of Key Group, the Xorist ransomware, established persistence in the system by changing file extension associations. The .huis_bn extension added to encrypted files in the early versions of Key Group samples, Xorist and ...
1 week ago Securelist.com
Ransomware Roundup - On a bi-weekly basis, FortiGuard Labs gathers data on ransomware variants of interest that have been gaining traction within our datasets and the OSINT community. The Ransomware Roundup report aims to provide readers with brief insights into the ...
6 months ago Feeds.fortinet.com
IT and OT cybersecurity: A holistic approach - In comparison, OT refers to the specialized systems that control physical processes and industrial operations. OT Technologies include industrial control systems, SCADA systems and programmable logic controllers that directly control physical ...
9 months ago Securityintelligence.com
Ransomware Roundup - On a bi-weekly basis, FortiGuard Labs gathers data on ransomware variants of interest that have been gaining traction within our datasets and the OSINT community. The Ransomware Roundup report aims to provide readers with brief insights into the ...
8 months ago Feeds.fortinet.com
Chainalysis: 2023 a 'watershed' year for ransomware - 2022 was generally seen as a down year for ransomware. CrowdStrike saw the average ransom payment drop from $5.7 million in 2021 to $4.1 million in 2022; Mandiant said it responded to 15% fewer ransomware incidents in 2022 than the previous year. ...
8 months ago Techtarget.com
Targeting homeowners' data - As these companies obtain a large amount of sensitive information from their customers, they become attractive targets for ransomware gangs to conduct double-extortion attacks. Finland is also warning of Akira ransomware increasingly targeting ...
8 months ago Bleepingcomputer.com
The Week in Ransomware - Earlier this month, the BlackCat/ALPHV ransomware operation suffered a five-day disruption to their Tor data leak and negotiation sites, rumored to be caused by a law enforcement action. The FBI revealed this week that they hacked the BlackCat/ALPHV ...
9 months ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)