Clop ransomware group is back
After shutting down their operation for several months, between November and February, the Cl0p ransomware is now back.
CL0P had an explosive and unexpected return to the forefront of the ransomware threat landscape, jumping from the least active threat actor in March to the fourth most active in April.
There were notable fluctuations in threat actor targeting in April. While Lockbit 2.0 (103 victims) and Conti (45 victims) remain the most prolific threat actors, victims of CL0P increased massively, from 1 to 21.
This surge in activity was noticed after the ransomware group added 21 new victims to their data leak site within a single month, in April.
Cl0p's most targeted sector was the industrial sector, with 45% of Cl0p ransomware attacks hitting industrial organizations and 27% targeting tech companies.
The Clop ransomware gang's activity lull is easily explained by some of its infrastructure getting shut down in June 2021 following an international law enforcement operation codenamed Operation Cyclone coordinated by the INTERPOL.
In the same time, the notorious Conti ransomware group has published all of the data it stole during a January cyber attack on the government servers of Linn County, Oregon.