Clop is a ransomware variant of the CryptoMix family that is thought to have been developed in Russia. It targets victims in the United States, Canada, Latin America, Asia Pacific, and Europe. Last month, law enforcement authorities in a joint task force from Ukraine, South Korea, and the USA, arrested and charged six suspects believed to be members of the Clop threat actor gang.
This threat was the first ransomware to demand a payment of over $20 million when it infected Software AG, the second largest enterprise software firm in Germany, in October of 2020. Clop continues to be linked to a number of high-profile attacks, such as those on enterprise cloud file-sharing company Accellion and its clients, including investment banking company Morgan Stanley.
Even following the prominent arrests, this ransomware group continues to leak confidential information obtained from new victims. This means it’s likely that the individuals who were arrested were not key figures in the malware’s operations.
Prevention First
At BlackBerry, we take a prevention-first and AI-driven approach to cybersecurity. Putting prevention first neutralizes malware before the exploitation stage of the kill-chain.
By stopping malware at this stage, BlackBerry® solutions help organizations increase their resilience. It also helps reduce infrastructure complexity and streamline security management to ensure business, people, and endpoints are secure.
The BlackBerry Research & Intelligence Team has analyzed the attack methods used by this threat, and in addition to recommending basic cyber hygiene steps, strongly urges BlackBerry customers to ensure their systems have the following BlackBerry® Cyber Suite components enabled with a blocking policy to detect threats that trigger the specific rule noted below.
BlackBerry Cyber Suite and BlackBerry Guard stop these attacks.
Our customers can feel confident that the AI-driven BlackBerry Cyber Suite, as well as our Managed Detection & Response (MDR) solution BlackBerry® Guard, are both well-equipped to mitigate the risks posed by threat actors such as those behind Clop ransomware:
- BlackBerry® Protect provides automated malware prevention, application and script control, memory protection, and device policy enforcement.
- BlackBerry® Optics extends the threat prevention by using artificial intelligence (AI) to prevent security incidents. It provides true AI-powered incident prevention, root cause analysis, smart threat hunting, and automated detection and response capabilities.
- BlackBerry recommends the following BlackBerry Optics rules be activated to provide additional telemetry from the attack:
- Win EFS key creation
- BlackBerry® Protect Mobile prevents and detects advanced malicious threats at the device and application levels. It combines the mobile endpoint management capabilities of BlackBerry® Unified Endpoint Manager with advanced AI-driven threat protection to get in front of malicious cyberattacks in a Zero Trust environment.
- BlackBerry® Persona creates trust based on user behavior analytics, app usage, and network and process invocation patterns. It uses adaptive risk scoring to provide continuous authentication.
- BlackBerry Guard customers are proactively protected from Clop ransomware attacks. Our 24/7 MDR solution customers receive:
- Alerts monitored in real-time
- Corrective policies applied while discovering gaps in policy implementation
- Prioritized threat hunting
- The latest threat intelligence for fast-moving threats
BlackBerry Assistance
The BlackBerry Incident Response team can work with organizations of any size and across any vertical, to evaluate and enhance their endpoint security posture and proactively maintain the security, integrity, and resilience of their network infrastructure.
For emergency assistance, please email us or use our handraiser form.
Learn more about the latest cybersecurity threats and threat actors in the BlackBerry 2021 Annual Threat Report.