
Clop Ransomware – KNOW how Bombardier Suffered a Data Breach

Post by Sneden Michael Feb 26, 2021

Clop ransomware has successfully exploited a vulnerable target, and this time it was business jet maker Bombardier. Bombardier employs over 16,000 people, and in 2020 the company generated over $6.5 billion in revenue. Shedding more light on the matter, KNOW, Netenrich’s own threat intel dashboard and cybersecurity news integrator, identified Clop ransomware as one of the top trending malware in the last 7 days.


Let’s take a deeper dive.

What is Clop Ransomware?

Clop, a variant of the CryptoMix ransomware, was first discovered in February 2019. It shares similar TTPs with BitPaymer and Ryuk. To disable antivirus software, Clop first attempts to stop numerous Windows services, and then closes all open files so that they can be encrypted. To bypass detection by security software and appear legitimate, it uses code-signed executables that carry digital signatures.
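A defender-side sketch of the service-stopping behaviour described above, added here as an example and not taken from the original post or from Netenrich's KNOW: it flags hosts where many distinct services stop within a short window, using Service Control Manager event ID 7036. The flattened log format, the threshold of 5 services in 60 seconds, and the sample events are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample, not real telemetry (hosts and services are invented):
# System-log ID 7036 events flattened to "timestamp|host|event_id|message".
SAMPLE_EVENTS = """\
2021-02-20T01:00:00|WS-022|7036|The Print Helper service entered the stopped state.
2021-02-20T02:30:00|WS-022|7036|The Print Helper service entered the running state.
2021-02-20T03:10:01|WS-014|7036|The AV Engine service entered the stopped state.
2021-02-20T03:10:02|WS-014|7036|The AV Updater service entered the stopped state.
2021-02-20T03:10:02|WS-014|7036|The Backup Agent service entered the stopped state.
2021-02-20T03:10:04|WS-014|7036|The Database Server service entered the stopped state.
2021-02-20T03:10:05|WS-014|7036|The Mail Store service entered the stopped state.
2021-02-20T03:10:06|WS-014|7036|The Snapshot Provider service entered the stopped state.
2021-02-20T04:00:00|WS-031|7036|The Sync Client service entered the stopped state.
2021-02-20T04:00:05|WS-031|7036|The Sync Client service entered the stopped state.
2021-02-20T04:00:10|WS-031|7036|The Sync Client service entered the stopped state.
2021-02-20T04:00:15|WS-031|7036|The Sync Client service entered the stopped state.
2021-02-20T04:00:20|WS-031|7036|The Sync Client service entered the stopped state.
"""

STOPPED = re.compile(r"^The (?P<svc>.+) service entered the stopped state\.$")

def parse(text):
    """Yield (timestamp, host, service) for every 'stopped' 7036 event."""
    for line in text.strip().splitlines():
        ts, host, event_id, message = line.split("|", 3)
        match = STOPPED.match(message)
        if event_id == "7036" and match:
            yield datetime.fromisoformat(ts), host, match["svc"]

def service_stop_bursts(text, threshold=5, window=timedelta(seconds=60)):
    """Hosts where `threshold` distinct services stopped within `window`."""
    recent = defaultdict(deque)   # host -> stop events inside the window
    alerts = {}                   # host -> (window start, service names)
    for ts, host, svc in sorted(parse(text)):
        queue = recent[host]
        queue.append((ts, svc))
        while ts - queue[0][0] > window:   # drop events older than the window
            queue.popleft()
        distinct = {name for _, name in queue}
        # Counting distinct names keeps one flapping service from alerting.
        if len(distinct) >= threshold and host not in alerts:
            alerts[host] = (queue[0][0], sorted(distinct))
    return alerts

if __name__ == "__main__":
    print(service_stop_bursts(SAMPLE_EVENTS))
```

In practice the threshold and window need tuning against a baseline, since patching and planned shutdowns also stop many services at once.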

Clop Ransomware Attacks Bombardier

Clop ransomware has been trending in cybersecurity news recently. Its operators have shared files stolen from Bombardier on their data leak site. The stolen files included critical information such as airplane designs, part schematics, and flight test reports. Bombardier issued a press release stating that it suffered a data breach through its file transfer application (FTA). The company is most likely referring to Accellion FTA, a web server that companies use to host and share large files that cannot otherwise be shared with employees or customers over email.

Most professionals working in the IT industry know about this legacy, 20-year-old file transfer application, which several organizations use to share sensitive files. The hackers exploited a zero-day vulnerability in Accellion FTA. Accellion learned about the zero-day attacks in December and released its statement around Christmas. The saddest part is that, as with several vulnerable organizations, the threat actors had already succeeded in compromising many of its clients’ sensitive data.

Not staying proactive and in the KNOW of things (or in the thick of cybersecurity things) could prove just as fatal as it did for Bombardier and Accellion.

Some Twitter Reactions

#1 Edi Acoo

#2 Shah Sheikh

#3 Catalin Cimpanu

Clop Ransomware References from KNOW


Total references: 3000

Previous 60 days: 529

Last 7 days: 308

Clop Context from KNOW


Risk rules triggered: 4 out of 48

Related intrusion methods: data exfiltration, double extortion, spam, spear phishing, phishing campaigns, and data breach.

Recent sandbox reference: Hybrid Analysis result for 94b76ce34e5493bb59586b41f41b23baa07a55f2397e80775573714b1311103c

Industries targeted: Education and Healthcare

Stay in the KNOW of Cyber Things

It’s ironic, isn’t it? Most enterprises learn about an exploited vulnerability, a data breach, or a cyber attack much later than they should. Every enterprise wants to be safe from a cyber attack, but history shows that everybody is prone to an attack… everybody. KNOW from Netenrich is uniquely designed to cater to cybersecurity professionals who want to stay up to date with the latest and most critical security insights.

KNOW helps you to discover, detect, and act on trending threats. Why wait for a threat actor to exploit and magnify your network vulnerability when you have all the right resources, tools, and resolution to empower you in taking appropriate steps?
