Republic of the Philippines
National Police Commission
PHILIPPINE NATIONAL POLICE
ANTI-CYBERCRIME GROUP
Camp BGen Rafael T Crame, Quezon City

ACG-CYBER SECURITY BULLETIN NR 225: UNDERSTANDING THE SECURITY RISK OF CLOP RANSOMWARE

Reference Number ACG-CSB 110821225

         The following information was obtained from various cyber security sources for notification to all parties concerned, pursuant to the mandate of the Philippine National Police Anti-Cybercrime Group (PNP ACG). It is classified as Restricted pursuant to PNP Regulation 200-012 on Document Security, with an Impact Rating of High based on the PNP Information Communication Technology (ICT) Security Manual s.2010-01, p. 22 and p. 129.

SUMMARY

      Clop ransomware belongs to the well-known CryptoMix ransomware family. It is a dangerous file-encrypting malware that evades security software on unprotected systems and encrypts the files stored there, appending the .Clop extension to each one. It is considered highly dangerous because an infection has grave consequences, and it is capable of infecting the majority of Windows versions, including Windows XP, Windows 7, Windows 8, Windows 8.1, and Windows 10.

      Clop ransomware targets enterprises, organizations and institutions across the globe rather than regular users, because of their financial potential. The Clop ransomware attackers have stolen and encrypted private data such as data backups, financial records, thousands of emails, and vouchers belonging to several companies.

     Clop ransomware is designed to alter predefined browser settings and run several routines that launch its built-in encryption component, corrupting all significant files stored on the system and rendering them unusable.

    Infections reach the computer through junk attachments and download links placed in the body of an email. These unsolicited emails generally appear to come from a well-known organization such as a bank or an insurance company.

    When the victim opens the malicious file, a ransom message is displayed notifying the user of the encryption and giving instructions on the ransom payment process, whether in Bitcoin or another cryptocurrency.

    Pornographic websites are also a major source of these ransomware infections. Once injected into the system, a fake certificate attached to the executable grants the Clop virus elevated privileges, and the malware launches the clearnetworkdns_11-22-33.bat file.

     This permits the malware to overwrite and change system files. It also reads multiple technical details, such as the computer name, and sends them to the threat actors.

     Clop ransomware also creates the \Users\CIiHmnxMn6Ps folder, where further malicious files are dropped. It then scans the computer for files to encrypt, such as .jpg, .mp3, .doc and .mkv files; a file such as picture.jpg is renamed to picture.jpg.Clop and becomes impossible to access.
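A defensive sweep for the three indicators this bulletin names, as an added example (not PNP ACG code): it walks a directory tree for files carrying the .Clop extension, the CIiHmnxMn6Ps folder under Users, and the clearnetworkdns_11-22-33.bat script. The directory it scans is constructed inline as sample data; the function names and the folder layout are assumptions for illustration.

```python
import os
import tempfile
from pathlib import Path

# Indicators named in the bulletin text.
CLOP_EXTENSION = ".clop"                        # matched case-insensitively
DROPPED_FOLDER = "CIiHmnxMn6Ps"                 # created under \Users
BATCH_SCRIPT = "clearnetworkdns_11-22-33.bat"


def scan_for_clop_indicators(root):
    """Walk `root` and return the matched paths grouped by indicator type."""
    findings = {"encrypted_files": [], "dropped_folder": [], "batch_script": []}
    for dirpath, dirnames, filenames in os.walk(root):
        if Path(dirpath).name.lower() == "users" and DROPPED_FOLDER in dirnames:
            findings["dropped_folder"].append(os.path.join(dirpath, DROPPED_FOLDER))
        for name in filenames:
            full = os.path.join(dirpath, name)
            if name.lower().endswith(CLOP_EXTENSION):
                findings["encrypted_files"].append(full)
            if name.lower() == BATCH_SCRIPT:
                findings["batch_script"].append(full)
    return findings


def indicators_present(findings):
    """True when any indicator matched; usable as the result of a scheduled sweep."""
    return any(findings.values())


def build_sample_tree():
    """Construct a throwaway tree mimicking the bulletin's description (sample data)."""
    root = Path(tempfile.mkdtemp(prefix="clop_demo_"))
    docs = root / "Users" / "alice" / "Documents"
    docs.mkdir(parents=True)
    (docs / "picture.jpg.Clop").write_bytes(b"\x00" * 16)   # renamed as on the page
    (docs / "report.doc").write_text("untouched file")       # should not match
    (root / "Users" / DROPPED_FOLDER).mkdir()
    (root / "Users" / DROPPED_FOLDER / BATCH_SCRIPT).write_text("rem constructed")
    return root


if __name__ == "__main__":
    hits = scan_for_clop_indicators(build_sample_tree())
    for kind, paths in hits.items():
        print(f"{kind}: {len(paths)} hit(s)")
    print("Clop indicators present:", indicators_present(hits))
```

Point `scan_for_clop_indicators` at a real drive root to sweep a suspect host; the extension check is case-insensitive so that .Clop and .CLOP are both caught.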

RECOMMENDATION

        All PNP personnel as well as the public are advised to follow the tips below to avoid the security risk of Clop ransomware:

  • Check twice before you open email attachments or click links, and DO NOT open any suspicious emails.
  • Download applications only from official sources using direct download links, and avoid third-party downloaders.
  • Keep installed applications and operating systems updated, but only through the update functions or tools provided by the official developer.
  • Remember that using pirated software is a cybercrime, and that there is a high probability of infecting your devices, since software cracking tools are frequently used to spread malware.
  • Invest in a reliable anti-virus/anti-spyware suite, because these tools can detect and eliminate malware before any harm is done.
  • Do not pay the ransom, whatever the cost, because once the ransomware cybercriminals get their money the victim is completely ignored, with no possibility of recovering the encrypted data.
  • Keep regular backups and store them on a remote cloud server or on unplugged storage devices such as a flash drive or an external hard drive.

For additional information, please refer to the following websites:

POINT OF CONTACT

    Please contact PCPT MARK GERALD A NORBE, Police Community Relations Officer, by e-mail or on telephone number (632) 723 0401 local 7483 for any inquiries related to this CYBER SECURITY BULLETIN.