Clop Ransomware Evolves, Now can Terminate 663 Windows Processes

On October 2, last year, the Federal Bureau of Investigation (FBI) warned organizations and businesses about app-killing malware. According to the FBI, hackers have upgraded the ransomware threat to make it more difficult to detect and more effective in attacks.
The bureau urged organizations to be wary of such threats to their systems. The state of emergency recently declared by the City of New Orleans is a good indication that ransomware is a big threat to systems.
On 23 December, last year, there was another ransomware attack, this time at Maastricht University, which infiltrated almost all Windows systems. Now the FBI is saying the ransomware is even stronger and more devastating because the hackers have upgraded it.
It has evolved to become an even greater hazard to Windows 10 users. Security researchers have also warned that the Clop ransomware is capable of ending about 663 Windows 10 processes before file encryption even begins. According to the researchers, Clop ransomware can kill several Microsoft Office and Windows 10 applications within a short space of time.
The Clop ransomware was first discovered as a simple modification of the CryptoMix ransomware in March, last year. At that point, there wasn't anything particularly extraordinary about the malware. However, the ransomware suddenly stopped targeting individual Windows machines and moved on to more devastating work by targeting entire networks. That was when cyber-security researchers started paying more serious attention to the activities of the ransomware.
At the time, researchers thought that Russia’s TA505 threat group was responsible for the Clop
attacks, including the attack on Maastricht University on Dec 23, 2019.
Even before then, the cryptoMix ransomware had been causing a lot of nuisance, albeit on a smaller scale.
Reporting for Bleeping Computer on Nov 22, last year, security researcher Lawrence Abrams said that Clop has now been upgraded to the extent of dislodging Microsoft Security Essentials and destabilizing Windows Defender. He also said the ransomware is even capable of fighting off Malwarebytes Anti-Ransomware protection on Windows.
Threat actors have often favored Windows 10 as a target. There has been a series of attacks on Windows 10, including by the Snatch cyber syndicate, which implemented the bypass malware, and by APT attack syndicates like Thallium. Microsoft has been able to nullify most of these threats, which did not cause heavy damage.
However, the actors pushing the Clop malware have spent a lot of time and effort making the malware more adaptable and more devastating to Windows processes.
Generally, ordinary ransomware tries to disable security software before it tries to cause havoc on the host system. But the report from Bleeping Computer revealed that Clop could do much more than that.
The upgraded ransomware is capable of terminating about 663 Windows processes. Although it's still not clear why it terminates some of these processes, Abrams, who is the editor-in-chief at Bleeping Computer, reported that the ransomware might be looking for encrypted configuration files for some of these programs. It could also be because the threat actors are making sure that many files are closed so that they can be encrypted successfully.
According to him, the programs most commonly terminated by the Clop ransomware include SecureCRT, Snagit, and the Calculator program.
Abrams also said the number of processes the Clop ransomware closes down is unreasonably high, with different types of applications impacted. When programs like Word, Skype, PowerPoint, Edge, Calculator, and Acrobat are all targeted, it's a clear indication that the actors are going for a broader sweep.
The worst part is the fact that Clop does not terminate the processes through a Windows batch file. Rather, the termination functionality is built into the ransomware executable itself. According to the researchers, that's when it can do even more devastating damage.
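Because the termination logic lives inside the executable, one signal a defender can still watch for is the behaviour itself: many different programs exiting on one host within seconds. The following is an added example, not code from the article or from Bleeping Computer; it assumes process-exit events (for instance Sysmon Event ID 5) have already been parsed into tuples, and the hostnames, image names, and thresholds are constructed for illustration.

```python
from collections import defaultdict, deque

def find_termination_bursts(events, window_s=10, min_distinct=6):
    """Flag hosts where many *different* programs exit within a short window.

    events: iterable of (epoch_seconds, host, image_name) from process-exit
    telemetry. Exit events do not say who ended the process, so the signal is
    the speed and variety of exits, not a fixed list of names.
    Returns a list of (host, first_ts, last_ts, sorted_distinct_images).
    """
    per_host = defaultdict(deque)      # host -> recent (ts, image) in window
    alerts = []
    for ts, host, image in sorted(events):
        recent = per_host[host]
        recent.append((ts, image.lower()))
        # Drop exits that have fallen out of the sliding window.
        while recent and ts - recent[0][0] > window_s:
            recent.popleft()
        distinct = sorted({img for _, img in recent})
        if len(distinct) >= min_distinct:
            alerts.append((host, recent[0][0], ts, distinct))
            recent.clear()             # one alert per burst, then start over
    return alerts

# Constructed sample events (not from the article). Image names are assumed
# stand-ins for the applications the article lists.
SAMPLE_EVENTS = [
    (1000, "ws-01", "WINWORD.EXE"),    # ordinary, widely spaced exits
    (1400, "ws-01", "calc.exe"),
    (2000, "ws-02", "Snagit32.exe"),   # six different programs in 3 seconds
    (2001, "ws-02", "WINWORD.EXE"),
    (2001, "ws-02", "POWERPNT.EXE"),
    (2002, "ws-02", "Skype.exe"),
    (2002, "ws-02", "calc.exe"),
    (2003, "ws-02", "Acrobat.exe"),
    (2003, "ws-02", "SecureCRT.exe"),
    (2500, "ws-02", "calc.exe"),       # later, isolated exit
]

if __name__ == "__main__":
    for host, start, end, images in find_termination_bursts(SAMPLE_EVENTS):
        print(f"{host}: {len(images)} distinct programs exited "
              f"between {start} and {end}: {', '.join(images)}")
```

The window and threshold need tuning against normal activity such as logoff or shutdown, which also close many programs at once.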
As with any other ransomware, the ideal way to combat the threat is to be fully aware and prepared. When users understand how the malware operates to infiltrate the system, they can put together a more appropriate defense mechanism against it.
Another practice is to make sure that the system has the latest security updates. It's also good for users to study the activities of such malware, because it threatens a wide range of systems and applications. According to researchers, being aware of how malware behaves helps users prepare and keep it off their systems.

Author: wpadmin