CLOP Analyst Note

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

CLOP is a ransomware variant associated with the FIN11 threat actor group and the double extortion tactic, it has previously been used to target several U.S. HPH organizations. Researchers have also identified the CLOP operators combining the “spray and pray” approach to compromising targets with a more targeted approach, suggesting that the operators have some discretion when selecting victims.

CLOP Analyst Note