clop

Ransomware group profile

249Victims

RussiaSource country

145Impact score

Also Known As

Cl0p

Description

Clop is a sophisticated ransomware group that targets organizations worldwide by exploiting vulnerabilities and using double extortion tactics. They infiltrate networks, exfiltrate sensitive data, and deploy ransomware, resulting in significant financial and operational damage. The group has gained notoriety for focusing on large enterprises and critical infrastructure.

Key insights

•Clop employs double extortion tactics, exfiltrating data before encrypting it to pressure victims into paying.
•They exploit vulnerabilities in Managed File Transfer (MFT) solutions, such as Accellion FTA and Fortra's GoAnywhere MFT.
•The group often targets large enterprises and has been linked to critical infrastructure attacks.
•Clop uses a multi-layered extortion model, sometimes bypassing encryption to focus on data theft.
•They are known for their sophisticated phishing campaigns and use of various malware strains.
•Clop has been observed increasing their ransom demands and targeting supply chain operations.

Industries

Education Energy & Utilities Financial Services Government & Defense Healthcare Hospitality Manufacturing Other Professional Services Retail & E-Commerce Technology Transportation

Threat Level & Status Breakdown

For clop · Based on incidents in selected period

2.2threat level

Aggressiveness5/ 10

Lethality0/ 10

Criticality1.5/ 10

Status Breakdown

Claimed29.3%73

First seenJun 2025

Last seenApr 2026

Avg ransom—

Payment rate—

Statusactive

Sophistication0

Last updatedJun 2, 2026

Recent activity

Monthly attack count for clop in the selected period

249Total attacks

102peak in Nov

27.7avg / month

Intelligence

IOCs, YARA/Sigma rules, and related families for clop

fc0605bb14c67f4256b8e183e841a9928c30451ea07c0423c366168232714e5a
7cd55356e8d90004492faa5fc146dc8cebb8a0d6c11d7c5f1e23eefd1877b2a0
7edaaa6a3f3da0782b53be918b953f9ea22400e181512446565df0617105c345
a26f0a2da63a838161a7d335aaa5e4b314a232acc15dcabdb6f6dbec63cda642
196ca67dabcc3b143f357128ae61f53173ff5110421085da47717caa62b9288a
25b27ef8a70f7170f0711152f3d7992f259532bb9a588b1ca2dfd193d0d7eb48
fa8fe5d9bf5f9af6cec07fe3487c2f1468a5aeabab76dafbe4740ad2675f2afa
8a48d2cbfd1be85e4ad339ce70531cdf7403e868022254f064b235e8eb17df03
baf13b5f3c64142c5542f30c9a2dc504c8a6db45242efbfba60004d67794a7eb
03c90fd77221e1b5b9d98e32ada70990
40059ce84e4ca2c0383c17d59a819879ffcdd786ffc5cea8f4215ec456131680
6fd538e4a8e3493dda6f9fcdc96e814bdd14f3e2ef8aa46f0143bff34b882c1b
724de50b7eb63190245236fc72c9728011899a8492bd4bf866849eb83478a2bd
e06f2f4d3a40a46c6e114f3138e805d190d687f59f3ba0af53c0e3277a04afa3
a53a9ca8a074c7108f8412c3f8c1fc5d
5a4164420db1e1bb6803981aada44b4e728914f7356d90ca91dd13cfdb097900
4885adc9de7e91b74a3ac01187775459acf3e4e026ee2fa776b3419cf8dbaf00
77962a384d251f0aa8e3008a88f206d6cb1f7401c759c4614e3bfe865e3e985c
5d20dd4609b24b62d8d92f2ae372101e461db0127d10cca271c9b07983e10a01
2e70232ec4d499714da13c64a0254d666219c88624733290225b061316bb6db3
a1310a616134e494c32230d74accd9e3ab495c7ce60cda9d614fd0ce291e5330
7ae1a6a6b6ce41c0485a1b81d6b8bf3ffc5d90ef95e436a3c379adf8ac903fd1
8a2dfaffc9420e209f132cdd3aedda4bbc4c18e02c47687006f67c13a36f1dc6
8391b6af876fe6f2af027f8e4b0b54152bf4f64f1695975a39447b696305fb4e
f738e6bdca4edf15eb50205adc452cf63b233b67cff51e31c69cbad8b291ca87
a912233df115e5002f95d55ba0481e6bff798ed3
1d4bc9a4de6a5aff8ac13c5e1117041342e2e49ed6b776ee5dfb25de30a7deac
ebb35763edfd4049576509aebad8e984205081b8bf213385db8a7294b41550aa
0b64ee06e7b34f8d44ec47ff2fbf9f10f6753103
3928c5874249cc71b2d88e5c0c00989ac394238747bb7638897fc210531b4aab
4cf09f8fd5385c4b8414fb6163d831164f1f25c8
9cb54eb8a3ca4ae0d44bcdc1c34a044df0cd1ead0fff72890f04874759fc3e73
6443b6731300040b94791a3611350f3d67afd6f1f5aa8bc83b6f864bc049fe5a
66c1246e8cb9befca5d129c28de10c74d3855e68
3d4ffcd1cd594f452ad1c374933eea8dd36d21a6d01372cc7f1afc636d26fa72
23f3a0db4f26ea58fbb03a03a2eff9a64d3e64fd60f035c8c047984b3fb89257
d520d06d78afcad2e03842cb8db4622d18b92739e89dfb8dadf5743f30dcd903
d9407e6bf9adcc361a6ab44f37fce9887c9e08460b30937f2ed844ba0cbc03f6
a58a499a098a810fe0d02264ec393314cb6b43927939567edf5c764378e1cc19
7007cf53bcd0083baba202d8ac2d9070
443cbad08ae7206753cb63d767e9c9709ce7cbd0b29c45dfc475c1fd5a1baa77
23094d64721a279c0ce637584b87d6f1
a91a554d6bb4ef79a2adbde6aa5197bff1837517696da6a6037d9217df066052
97bb39f8435935ea369317d021ed7b7060610bb34b5c96824a19cfce678aa7ce
6bf3bc2d90ef29d3b513d9f614b7abe80653bead6e6147db364d40955ed6ad9f
47d086d0f4b284a574ea5fa61e263647
20062f0019433eb1ea1c6f67c7f3366c32b4d5acebb33266ad3134d1d40a1048
b3e89d4056e39e69bb003bd80f5d4a87eec35c79fc66204716a77363f04cf531
16efe0c88f434dfcc263681ca7d2040ce5ab637bbf67d54cde6a272c8d122ea3
ee0d5289a472f88f7b54990f0aed8fed405e12fbbfe69ad03cb00f4573cae4ba
8fee77fd48def4d172e8d73838e26916b79a005dea6c457ff4581dd540b1fa35
e75e5778e71e062ce4a7af673f0b2513854d2367fee0f01a26c0c998863bdf6e

View full IOC feed500 total

TTPs & Attack Vectors

Tools, initial access, and MITRE ATT&CK techniques for clop

CVE-2025-62481

CVE-2025-61884

CVE-2025-61882

CVE-2025-61757

CVE-2025-53072

CVE-2025-50107

CVE-2025-50105

CVE-2025-50090

CVE-2025-50071

CVE-2025-30746

CVE-2025-30745

CVE-2025-30744

CVE-2025-30743

CVE-2025-30739

CVE-2025-30727

CVE-2025-30406

CVE-2025-21884

CVE-2025-21541

CVE-2025-14611

CVE-2025-11371

CVE-2024-57728

CVE-2024-57726

CVE-2024-55956

CVE-2024-50623

CVE-2023-34362

CVE-2023-27351

CVE-2023-27350

CVE-2023-2533

CVE-2023-21931

CVE-2023-21839

CVE-2023-0669

Other

T1486

T1490

T1078

T1016

T1046

T1562

T1059

T1049

T1557

T1037

T1021

T1203

Victims(200)

Company	Domain	Country	Industry	Status	Discovered
INJURYLAWYERS.COM	—	US United States	Professional Services	Unknown	about 1 month ago
AIGHEALTHCARE.IN	—	IN India	Financial Services	Unknown	3 months ago
CLOUD.CLEARWAYGROUP.COM	—	CA Canada	Technology	Unknown	3 months ago
DAD.CO.TH	—	TH Thailand	Professional Services	Unknown	4 months ago
THEMORTGAGEFIRM.COM	—	CA Canada	Financial Services	Unknown	4 months ago
FISHWINDOWCLEANING.COM	—	US United States	Professional Services	Unknown	4 months ago
SOLUTIONSINSAFETY.COM	—	US United States	Professional Services	Unknown	4 months ago
BOYDEN.COM	—	US United States	Professional Services	Unknown	4 months ago
CFDT.FR	—	FR France	Government & Defense	Unknown	4 months ago
SPOHNASSOCIATES.COM	—	US United States	Technology	Unknown	4 months ago
GARNERGROUP.NET	—	US United States	Professional Services	Unknown	4 months ago
THEPERPETUAL.COM	—	US United States	Financial Services	Unknown	4 months ago
AIGBUSINESS.COM	—	IN India	Financial Services	Unknown	4 months ago
HYDEPARKUMC.ORG	—	US United States	Education	Unknown	4 months ago
GIACARE.COM	—	US United States	Healthcare	Unknown	4 months ago
GIASPACE.COM	—	US United States	Technology	Unknown	4 months ago
ONESUPPORT.COM	—	US United States	Technology	Unknown	4 months ago
HUDSONSUSTAINABLE.COM	—	US United States	Financial Services	Unknown	4 months ago
GOKALLIT.COM	—	US United States	Financial Services	Unknown	4 months ago
CHEHARDY.COM	—	US United States	Professional Services	Unknown	4 months ago

Page 1 of 10

Affected countries(69)

Countries where this group has been reported to target or leak victims.

🇦🇪United Arab Emirates 🇦🇷Argentina 🇦🇹Austria 🇦🇺Australia Aruba 🇧🇪Belgium 🇧🇷Brazil 🇧🇸Bahamas 🇨🇦Canada Congo, the Democratic Republic of the 🇨🇭Switzerland 🇨🇳China 🇨🇴Colombia 🇨🇷Costa Rica 🇩🇪Germany 🇩🇴Dominican Republic 🇪🇨Ecuador 🇪🇬Egypt 🇪🇸Spain 🇫🇮Finland 🇫🇷France 🇬🇧United Kingdom 🇬🇷Greece 🇭🇰Hong Kong 🇭🇷Croatia 🇭🇺Hungary 🇮🇪Ireland 🇮🇱Israel 🇮🇳India 🇮🇹Italy 🇯🇲Jamaica 🇯🇵Japan 🇰🇪Kenya Korea, Republic of 🇰🇼Kuwait 🇱🇰Sri Lanka 🇱🇷Liberia 🇱🇺Luxembourg 🇲🇬Madagascar 🇲🇹Malta 🇲🇺Mauritius 🇲🇽Mexico 🇲🇾Malaysia 🇳🇬Nigeria 🇳🇱Netherlands 🇳🇴Norway 🇳🇿New Zealand 🇴🇲Oman 🇵🇦Panama 🇵🇪Peru 🇵🇭Philippines 🇵🇰Pakistan 🇵🇱Poland Réunion 🇷🇴Romania Russian Federation 🇸🇦Saudi Arabia 🇸🇪Sweden 🇸🇬Singapore 🇸🇮Slovenia 🇸🇳Senegal Syrian Arab Republic 🇹🇷Turkey Taiwan, Province of China 🇺🇦Ukraine 🇺🇸United States 🇿🇦South Africa 🇿🇲Zambia Global