Clop ransomware evolves as app-killing malware for Windows 10

A Clop ransomware variant can now take down a total of 663 Windows processes, reported Bleeping Computer. 


The ransomware was discovered by Michael Gillespie at MalwareHunterTeam in February 2019. The malware has been evolving since then, McAfee researchers Alexandre Mundo and Marc Rivero Lopez noted in August.

"Clop is a variant of the CryptoMix ransomware family, but has been evolving rapidly in the last year to disable an increasingly large number of Windows processes," Javvad Malik, security awareness advocate at KnowBe4, told SC Media UK.


The latest variant of Clop was found in late December 2019 by MalwareHunterTeam. Vitali Kremez of MalwareHunterTeam reverse engineered the variant and found that Clop now terminates 663 Windows processes -- including new Windows 10 apps, programming languages, debuggers, terminal programs, and programming IDE software -- before encrypting files.

"The main goal of Clop is to encrypt all files in an enterprise and request a payment to receive a decryptor to decrypt all the affected files," read the McAfee report in August. 


"To achieve this, we observed some new techniques being used by the author that we have not seen before. Clearly over the last few months we have seen more innovative techniques appearing in ransomware."


Vitali Kremez's report lists Calculator, Acrobat, Office applications, Edge, Skype, and even the new Windows 10 Your Phone app among the applications whose processes the new Clop variant terminates.
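The behaviour described above, many unrelated applications being terminated shortly before encryption starts, can be hunted for in process-termination telemetry. The Python below is an added example, not code from the article or from the researchers' reports; the record layout (modelled on Sysmon Event ID 5), host names, executable names, sample events and both thresholds are assumptions.

```python
from collections import deque
from datetime import datetime, timedelta

# Constructed sample in "UtcTime|Computer|Image" form, modelled on the fields of
# Sysmon Event ID 5 (process terminated). Hosts, times and paths are made up.
APPS = ["Calculator.exe", "AcroRd32.exe", "WINWORD.EXE", "EXCEL.EXE", "OUTLOOK.EXE",
        "MicrosoftEdge.exe", "Skype.exe", "YourPhone.exe", "devenv.exe", "python.exe"]
SAMPLE = [
    # WS-017: ten different applications end within one second.
    *(f"2020-01-07 09:14:02.{i * 90:03d}|WS-017|C:\\Apps\\{a}" for i, a in enumerate(APPS)),
    # BUILD-01: one compiler image exits twelve times; a busy build, not a kill list.
    *(f"2020-01-07 09:20:00.{i * 50:03d}|BUILD-01|C:\\Apps\\cl.exe" for i in range(12)),
    # WS-042: ordinary use, three applications closed over ten minutes.
    "2020-01-07 09:01:10.000|WS-042|C:\\Apps\\WINWORD.EXE",
    "2020-01-07 09:06:40.000|WS-042|C:\\Apps\\EXCEL.EXE",
    "2020-01-07 09:11:05.000|WS-042|C:\\Apps\\Calculator.exe",
]

def parse(line):
    """Split one record into (timestamp, host, lower-cased executable name)."""
    ts, host, image = line.split("|")
    name = image.rsplit("\\", 1)[-1].lower()
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S.%f"), host, name

def find_termination_bursts(lines, window=timedelta(seconds=10), min_distinct=8):
    """Return {host: (start, end, sorted names)} for hosts where at least
    min_distinct different executables terminated inside one sliding window.
    Both thresholds are assumptions to tune against a site's own baseline."""
    recent, bursts = {}, {}
    for ts, host, name in sorted(parse(l) for l in lines):
        q = recent.setdefault(host, deque())
        q.append((ts, name))
        while ts - q[0][0] > window:      # drop events older than the window
            q.popleft()
        # Count distinct images, so one process restarting in a loop is ignored.
        distinct = {n for _, n in q}
        best = bursts.get(host)
        if len(distinct) >= min_distinct and (best is None or len(distinct) > len(best[2])):
            bursts[host] = (q[0][0], ts, sorted(distinct))   # keep the widest burst
    return bursts

if __name__ == "__main__":
    for host, (start, end, names) in find_termination_bursts(SAMPLE).items():
        print(f"{host}: {len(names)} distinct processes ended between {start} and {end}")
```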


"The fact that it can disable so many processes is quite worrying, and lessens the reliance organisations can place on their endpoint controls," said Malik. 

