Ransomware Intelligence

clop

Ransomware group profile

249Victims
RussiaSource country
130Impact score
Also Known As
Cl0p

Description

Clop is a sophisticated ransomware group that targets organizations worldwide by exploiting vulnerabilities and using double extortion tactics. They infiltrate networks, exfiltrate sensitive data, and deploy ransomware, resulting in significant financial and operational damage. The group has gained notoriety for focusing on large enterprises and critical infrastructure.

Key insights

  • Clop employs double extortion tactics, exfiltrating data before encrypting it to pressure victims into paying.
  • They exploit vulnerabilities in Managed File Transfer (MFT) solutions, such as Accellion FTA and Fortra's GoAnywhere MFT.
  • The group often targets large enterprises and has been linked to critical infrastructure attacks.
  • Clop uses a multi-layered extortion model, sometimes bypassing encryption to focus on data theft.
  • They are known for their sophisticated phishing campaigns and use of various malware strains.
  • Clop has been observed increasing their ransom demands and targeting supply chain operations.

Industries

EducationEnergy & UtilitiesFinancial ServicesGovernment & DefenseHealthcareHospitalityManufacturingOtherProfessional ServicesRetail & E-CommerceTechnologyTransportation

Threat Level & Status Breakdown

For clop · Based on incidents in selected period

2.2threat level
Aggressiveness5/ 10
Lethality0/ 10
Criticality1.5/ 10

Status Breakdown

Claimed29.3%73
First seenJun 2025
Last seenApr 2026
Avg ransom
Payment rate
Statusactive
Sophistication0
Last updatedJun 24, 2026

Recent activity

Monthly attack count for clop in the selected period

249Total attacks
102peak in Nov
27.7avg / month
JunJulOctNovDecJanFebMarApr0306090120

Intelligence

IOCs, YARA/Sigma rules, and related families for clop

  1. fc0605bb14c67f4256b8e183e841a9928c30451ea07c0423c366168232714e5a
  2. 7cd55356e8d90004492faa5fc146dc8cebb8a0d6c11d7c5f1e23eefd1877b2a0
  3. 7edaaa6a3f3da0782b53be918b953f9ea22400e181512446565df0617105c345
  4. a26f0a2da63a838161a7d335aaa5e4b314a232acc15dcabdb6f6dbec63cda642
  5. 196ca67dabcc3b143f357128ae61f53173ff5110421085da47717caa62b9288a
  6. 25b27ef8a70f7170f0711152f3d7992f259532bb9a588b1ca2dfd193d0d7eb48
  7. fa8fe5d9bf5f9af6cec07fe3487c2f1468a5aeabab76dafbe4740ad2675f2afa
  8. 8a48d2cbfd1be85e4ad339ce70531cdf7403e868022254f064b235e8eb17df03
  9. baf13b5f3c64142c5542f30c9a2dc504c8a6db45242efbfba60004d67794a7eb
  10. 03c90fd77221e1b5b9d98e32ada70990
  11. 40059ce84e4ca2c0383c17d59a819879ffcdd786ffc5cea8f4215ec456131680
  12. 6fd538e4a8e3493dda6f9fcdc96e814bdd14f3e2ef8aa46f0143bff34b882c1b
  13. 724de50b7eb63190245236fc72c9728011899a8492bd4bf866849eb83478a2bd
  14. e06f2f4d3a40a46c6e114f3138e805d190d687f59f3ba0af53c0e3277a04afa3
  15. a53a9ca8a074c7108f8412c3f8c1fc5d
  16. 5a4164420db1e1bb6803981aada44b4e728914f7356d90ca91dd13cfdb097900
  17. beeef193b35aaac37ffd5a58e9359874fc49723674b8a04fbd7df9a15ddea42f
  18. 4885adc9de7e91b74a3ac01187775459acf3e4e026ee2fa776b3419cf8dbaf00
  19. 77962a384d251f0aa8e3008a88f206d6cb1f7401c759c4614e3bfe865e3e985c
  20. 5d20dd4609b24b62d8d92f2ae372101e461db0127d10cca271c9b07983e10a01
  21. 2e70232ec4d499714da13c64a0254d666219c88624733290225b061316bb6db3
  22. a1310a616134e494c32230d74accd9e3ab495c7ce60cda9d614fd0ce291e5330
  23. 7ae1a6a6b6ce41c0485a1b81d6b8bf3ffc5d90ef95e436a3c379adf8ac903fd1
  24. 8a2dfaffc9420e209f132cdd3aedda4bbc4c18e02c47687006f67c13a36f1dc6
  25. 8391b6af876fe6f2af027f8e4b0b54152bf4f64f1695975a39447b696305fb4e
  26. 4bbfe7daef63171bc1726447523e59312d0ae8d33c13a1805adb0db1bf977bf9
  27. f738e6bdca4edf15eb50205adc452cf63b233b67cff51e31c69cbad8b291ca87
  28. 1d4bc9a4de6a5aff8ac13c5e1117041342e2e49ed6b776ee5dfb25de30a7deac
  29. ebb35763edfd4049576509aebad8e984205081b8bf213385db8a7294b41550aa
  30. 3928c5874249cc71b2d88e5c0c00989ac394238747bb7638897fc210531b4aab
  31. 0f83a3ad14ada62d79b6913c6625054f6e8901a880cc6c26fcc8940e3fd092ab
  32. 9cb54eb8a3ca4ae0d44bcdc1c34a044df0cd1ead0fff72890f04874759fc3e73
  33. 6443b6731300040b94791a3611350f3d67afd6f1f5aa8bc83b6f864bc049fe5a
  34. 23f3a0db4f26ea58fbb03a03a2eff9a64d3e64fd60f035c8c047984b3fb89257
  35. d9407e6bf9adcc361a6ab44f37fce9887c9e08460b30937f2ed844ba0cbc03f6
  36. a58a499a098a810fe0d02264ec393314cb6b43927939567edf5c764378e1cc19
  37. 7007cf53bcd0083baba202d8ac2d9070
  38. 443cbad08ae7206753cb63d767e9c9709ce7cbd0b29c45dfc475c1fd5a1baa77
  39. 23094d64721a279c0ce637584b87d6f1
  40. 0a57ede177b94307d1ed9545060fa68e375fce4c5ed53de35658cda4d40221ea
  41. a91a554d6bb4ef79a2adbde6aa5197bff1837517696da6a6037d9217df066052
  42. 97bb39f8435935ea369317d021ed7b7060610bb34b5c96824a19cfce678aa7ce
  43. 418110735c1b9307f703f15cd98ca737ec53bd5247b143c10a82a2f703e8b875
  44. 6bf3bc2d90ef29d3b513d9f614b7abe80653bead6e6147db364d40955ed6ad9f
  45. 47d086d0f4b284a574ea5fa61e263647
  46. 20062f0019433eb1ea1c6f67c7f3366c32b4d5acebb33266ad3134d1d40a1048
  47. 99922295b14b44937e99e3c0f553d180ee761b796e01a0da5e4b6290a6360c9f
  48. b3e89d4056e39e69bb003bd80f5d4a87eec35c79fc66204716a77363f04cf531
  49. 16efe0c88f434dfcc263681ca7d2040ce5ab637bbf67d54cde6a272c8d122ea3
  50. bbca15694889e6f538829a8f2a5ac9bad21f705ca99f2ee3581580997ecbfc02
  51. ee0d5289a472f88f7b54990f0aed8fed405e12fbbfe69ad03cb00f4573cae4ba
  52. 8fee77fd48def4d172e8d73838e26916b79a005dea6c457ff4581dd540b1fa35
  53. a98dcdee82f6066a4cf2f9d7d161a1bacec8f81d
  54. cb85338c2cc758da00cc37a1fde7a73383e1c4c7
  55. f23364b7d62275ec6d538066239ee2d90eb98cf03ed8916f49aae71c3fc74184
  56. e8f929856906919b72913fa4f2a813014786eb2ae5d0f0c4f4a477bb4326bd0a
  57. dc057522e04f37a6143cf6ce9b5d4a19aab8ef7a
  58. bd933bf39c0f1634a1d4dd0f367be7d21be4fca594b0525f7fc7c0dbafc67fa0
  59. 619abb27b7ffa63fbf54a6fcab38dc6ed5935e6009c1623ec7f9ff0fc6b1b538
  60. 5f2d47d6403a915dd096852dddc99417430f83d40cb483b3d556492254014472
  61. c8871a283525f6613db2e59905bd7c18368d6c9d1d6e9997346f58e5a15722aa
  62. 7e2124cf2c804b787f8ef5f25e241adb800f3616
  63. 50be5257678412f0810d46e0b0bc573eb65c6ce4617346c1527ff0dc9b7fc79e
  64. e4d59f7dd88f89252f28af8c41fbd423f68ecdeffc917c51d870b05b2339c06c
  65. a7fa02d6a3cbbc9b28c8a22a2bc92dcdb9842aca2382a8a958335099ac63f11e
  66. 3320f11728458d01eef62e10e48897ec1c2277c1fe1aa2d471a16b4dccfc1207
  67. 5f6a0a7b182a710bff404ff9632d93a5ea707896baec865909c243abe7c85a9d
  68. 76d6b8a6537b754d872c3609fb3ef054dd9665db51c45cb26991bd0fb3b972fd
  69. bf96a24b2d6dfb98fa2d94e8c03a484e
View full IOC feed500 total

TTPs & Attack Vectors

Tools, initial access, and MITRE ATT&CK techniques for clop

CVE-2025-62481
CVE-2025-61884
CVE-2025-61882
CVE-2025-61757
CVE-2025-53072
CVE-2025-50107
CVE-2025-50105
CVE-2025-50090
CVE-2025-50071
CVE-2025-30746
CVE-2025-30745
CVE-2025-30744
CVE-2025-30743
CVE-2025-30739
CVE-2025-30727
CVE-2025-30406
CVE-2025-21884
CVE-2025-21541
CVE-2025-14611
CVE-2025-11371
CVE-2024-57728
CVE-2024-57726
CVE-2024-55956
CVE-2024-50623
CVE-2023-34362
CVE-2023-27351
CVE-2023-27350
CVE-2023-2533
CVE-2023-21931
CVE-2023-21839
CVE-2023-0669
Other

T1486

T1486

T1490

T1490

T1078

T1078

T1016

T1016

T1046

T1046

T1562

T1562

T1059

T1059

T1049

T1049

T1557

T1557

T1037

T1037

T1021

T1021

T1203

T1203

Victims(200)

CompanyDomainCountryIndustryStatusDiscovered
INJURYLAWYERS.COMUS United StatesProfessional Services
Unknown
about 2 months ago
AIGHEALTHCARE.ININ IndiaFinancial Services
Unknown
4 months ago
CLOUD.CLEARWAYGROUP.COMCA CanadaTechnology
Unknown
4 months ago
DAD.CO.THTH ThailandProfessional Services
Unknown
5 months ago
THEMORTGAGEFIRM.COMCA CanadaFinancial Services
Unknown
5 months ago
FISHWINDOWCLEANING.COMUS United StatesProfessional Services
Unknown
5 months ago
SOLUTIONSINSAFETY.COMUS United StatesProfessional Services
Unknown
5 months ago
BOYDEN.COMUS United StatesProfessional Services
Unknown
5 months ago
CFDT.FRFR FranceGovernment & Defense
Unknown
5 months ago
SPOHNASSOCIATES.COMUS United StatesTechnology
Unknown
5 months ago
GARNERGROUP.NETUS United StatesProfessional Services
Unknown
5 months ago
THEPERPETUAL.COMUS United StatesFinancial Services
Unknown
5 months ago
AIGBUSINESS.COMIN IndiaFinancial Services
Unknown
5 months ago
HYDEPARKUMC.ORGUS United StatesEducation
Unknown
5 months ago
GIACARE.COMUS United StatesHealthcare
Unknown
5 months ago
GIASPACE.COMUS United StatesTechnology
Unknown
5 months ago
ONESUPPORT.COMUS United StatesTechnology
Unknown
5 months ago
HUDSONSUSTAINABLE.COMUS United StatesFinancial Services
Unknown
5 months ago
GOKALLIT.COMUS United StatesFinancial Services
Unknown
5 months ago
CHEHARDY.COMUS United StatesProfessional Services
Unknown
5 months ago

Page 1 of 10

Affected countries(72)

Countries where this group has been reported to target or leak victims.

🇦🇪United Arab Emirates🇦🇷Argentina🇦🇹Austria🇦🇺AustraliaAruba🇧🇪Belgium🇧🇷Brazil🇧🇸Bahamas🇨🇦CanadaCongo, the Democratic Republic of the🇨🇭Switzerland🇨🇳China🇨🇴Colombia🇨🇷Costa Rica🇨🇿Czech Republic🇩🇪Germany🇩🇴Dominican Republic🇪🇨Ecuador🇪🇬Egypt🇪🇸Spain🇫🇮Finland🇫🇷France🇬🇧United Kingdom🇬🇷Greece🇭🇰Hong Kong🇭🇷Croatia🇭🇺Hungary🇮🇪Ireland🇮🇱Israel🇮🇳India🇮🇹Italy🇯🇲Jamaica🇯🇵Japan🇰🇪KenyaKorea, Republic of🇰🇼Kuwait🇱🇰Sri Lanka🇱🇷Liberia🇱🇺Luxembourg🇲🇬Madagascar🇲🇹Malta🇲🇺Mauritius🇲🇽Mexico🇲🇾Malaysia🇳🇬Nigeria🇳🇱Netherlands🇳🇴Norway🇳🇿New Zealand🇴🇲Oman🇵🇦Panama🇵🇪Peru🇵🇭Philippines🇵🇰Pakistan🇵🇱PolandPuerto RicoRéunion🇷🇴RomaniaRussian Federation🇸🇦Saudi Arabia🇸🇪Sweden🇸🇬Singapore🇸🇮Slovenia🇸🇳SenegalSyrian Arab Republic🇹🇭Thailand🇹🇷TurkeyTaiwan, Province of China🇺🇦Ukraine🇺🇸United States🇿🇦South Africa🇿🇲ZambiaGlobal