Clop ransomware has successfully exploited another vulnerable target, and this time it was business jet maker Bombardier. Bombardier employs over 16,000 people, and in 2020 the company generated over $6.5 billion in revenue. Shedding more light on the matter, KNOW, Netenrich’s own threat intel dashboard and cybersecurity news integrator, identified Clop ransomware as one of the top trending malware families in the last 7 days.
Let’s take a deeper dive.
What is Clop Ransomware?
Clop is a variant of the CryptoMix ransomware and was first discovered in February 2019. It shares similar TTPs with BitPaymer and Ryuk. To disable antivirus software, Clop ransomware first attempts to stop numerous Windows services, then closes all open files so that they can be encrypted. To evade detection by security software and appear legitimate, it uses code-signed executables carrying digital signatures.
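The mass service-stop step described above leaves a trail in the Windows System log: the Service Control Manager records each transition as Event ID 7036 ("The <service> service entered the stopped state"). The detector below is an added example written for this article, not Netenrich code and not a KNOW rule; it groups stop events that arrive in quick succession and flags any burst that touches many distinct services. The event records, timestamps and service names are constructed for the demo (the article does not name which services Clop stops), and the `max_gap_seconds` and `min_services` thresholds are assumptions to tune against your own baseline.

```python
"""Flag bursts of Windows service-stop events (Event ID 7036, state "stopped").

Added illustration for the Clop write-up; not code from the article or from
Netenrich. All records below are constructed sample data.
"""
from datetime import datetime, timedelta

STOP_EVENT_ID = 7036  # Service Control Manager: "<service> entered the <state> state"

# Constructed sample log, shaped like records a SIEM would forward from the
# System log. Service names and times are invented for the demo.
SAMPLE_EVENTS = [
    {"time": "2021-02-23T01:02:10", "event_id": 7036, "service": "Windows Update", "state": "stopped"},
    {"time": "2021-02-23T01:02:11", "event_id": 7036, "service": "Windows Update", "state": "running"},
    {"time": "2021-02-23T03:14:01", "event_id": 7036, "service": "Print Spooler", "state": "stopped"},
    {"time": "2021-02-23T03:14:02", "event_id": 7036, "service": "SQL Server (MSSQLSERVER)", "state": "stopped"},
    {"time": "2021-02-23T03:14:02", "event_id": 7036, "service": "Volume Shadow Copy", "state": "stopped"},
    {"time": "2021-02-23T03:14:04", "event_id": 7036, "service": "Exchange Information Store", "state": "stopped"},
    # Event ID 7040 (start type changed) is a different event and is ignored here.
    {"time": "2021-02-23T03:14:05", "event_id": 7040, "service": "Endpoint AV Service"},
    {"time": "2021-02-23T03:14:09", "event_id": 7036, "service": "Endpoint AV Service", "state": "stopped"},
    {"time": "2021-02-23T03:14:15", "event_id": 7036, "service": "Backup Agent", "state": "stopped"},
    {"time": "2021-02-23T09:30:00", "event_id": 7036, "service": "Print Spooler", "state": "stopped"},
]


def stop_events(events):
    """Return time-ordered (timestamp, service) pairs for 7036 'stopped' transitions only."""
    out = []
    for rec in events:
        if rec.get("event_id") == STOP_EVENT_ID and rec.get("state") == "stopped":
            out.append((datetime.fromisoformat(rec["time"]), rec["service"]))
    return sorted(out)


def find_stop_bursts(events, max_gap_seconds=10, min_services=5):
    """Cluster stop events whose consecutive gaps are <= max_gap_seconds.

    A cluster is reported as a burst when it stops at least min_services
    distinct services. Returns a list of dicts with start, end and services.
    """
    gap = timedelta(seconds=max_gap_seconds)
    clusters, current = [], []
    for ts, svc in stop_events(events):
        if current and ts - current[-1][0] > gap:
            clusters.append(current)  # quiet period: close the current cluster
            current = []
        current.append((ts, svc))
    if current:
        clusters.append(current)

    bursts = []
    for cluster in clusters:
        services = sorted({svc for _, svc in cluster})
        if len(services) >= min_services:
            bursts.append({"start": cluster[0][0], "end": cluster[-1][0], "services": services})
    return bursts


if __name__ == "__main__":
    for burst in find_stop_bursts(SAMPLE_EVENTS):
        print(f"{burst['start']} -> {burst['end']}: {len(burst['services'])} services stopped")
        for name in burst["services"]:
            print("   ", name)
```

Scheduled maintenance windows and patch reboots also stop many services at once, so in practice the rule is paired with context (time of day, the process that issued the stop, whether backup or shadow-copy services are among the targets) rather than run on the count alone.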
Clop Ransomware Attacks Bombardier
Clop ransomware has been trending in cybersecurity news recently. The group posted stolen files from Bombardier on its data leak site. The stolen files included sensitive material such as airplane designs, part schematics, and flight test reports. Bombardier issued a press release stating that it had suffered a data breach through its file transfer application (FTA). The company is most likely referring to Accellion FTA, a web server used by companies to host and share large files that otherwise cannot be sent to employees or customers over email.
Most professionals working in the IT industry know this legacy, 20-year-old file transfer application, which several organizations use to share sensitive files. The attackers exploited a zero-day vulnerability in Accellion FTA. Accellion learned about the zero-day attacks in December and released its statement around Christmas. The saddest part is that, as with several other vulnerable organizations, the threat actors had by then already succeeded in compromising sensitive data belonging to many of Accellion’s clients.
Not staying proactive and in the KNOW of things (or thick of cybersecurity things) could be just as fatal as Bombardier and Accellion.
Some Twitter Reactions
#1 Edi Acoo
— EdiAcoo (@AcooEdi) February 24, 2021
#2 Shah Sheikh
Steris Touted as Latest Accellion Hack Victim: Data of Accellion client advertised for sale online by Clop ransomware group https://t.co/v7rR0bAY0a
— Shah Sheikh (@shah_sheikh) February 25, 2021
#3 Catalin Cimpanu
Data from Airplane maker Bombardier has been posted today on the leak site operated by the Clop ransomware gang
— Catalin Cimpanu (@campuscodi) February 23, 2021
Clop Ransomware References from KNOW
Total references: 3000
Previous 60 days: 529
Last 7 days: 308
Clop Context from KNOW
Risk rules triggered: 4 out of 48
Related intrusion methods: Data exfiltration, double extortion, spam, spear phishing, phishing campaign, and data breach.
Recent sandbox reference: Hybrid Analysis result for 94b76ce34e5493bb59586b41f41b23baa07a55f2397e80775573714b1311103c
Industries targeted: Education and Healthcare
Stay in the KNOW of Cyber Things
It’s ironic, isn’t it? Most enterprises learn about an exploited vulnerability, data breach, or cyber attack much later than they should. Every enterprise wants to be safe from a cyber attack, but history shows that everybody is prone to one. KNOW from Netenrich is designed specifically for cybersecurity professionals who want to stay up to date with the latest and most critical security insights.
KNOW helps you discover, detect, and act on trending threats. Why wait for a threat actor to exploit and magnify a vulnerability in your network when you have the right resources, tools, and resolution to take appropriate steps now?