{"id":18610,"date":"2023-07-11T07:31:03","date_gmt":"2023-07-11T14:31:03","guid":{"rendered":"https:\/\/webdev.securin.xyz\/?p=18610"},"modified":"2023-07-11T14:51:37","modified_gmt":"2023-07-11T21:51:37","slug":"all-about-clop-ransomware","status":"publish","type":"post","link":"https:\/\/10.42.32.162\/blog\/all-about-clop-ransomware\/","title":{"rendered":"All About Clop Ransomware"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"18610\" class=\"elementor elementor-18610\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-edf1e89 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"edf1e89\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-9cec043\" data-id=\"9cec043\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t\t<div class=\"elementor-element elementor-element-3a58036 elementor-widget elementor-widget-text-editor\" data-id=\"3a58036\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p><span style=\"font-weight: bold;\">The recent past has seen a sudden uptick of Cl0p ransomware related activity that affects various sectors including transportation and logistics, education, manufacturing, retail, energy, aerospace, telecommunications, professional and legal services, healthcare and large tech conglomerates spanning the US, Latin America, Canada, Europe, and Asia Pacific. Considering this surge in activity, Securin experts took a deep dive into the inner workings of Cl0p ransomware.<\/span><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-204fc5b elementor-widget elementor-widget-spacer\" data-id=\"204fc5b\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-334b30a elementor-widget elementor-widget-heading\" data-id=\"334b30a\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">In This Article:<\/h3>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-a4335de elementor-widget elementor-widget-text-editor\" data-id=\"a4335de\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<ul><li><a href=\"#Snapshot-of-Cl0p-Ransomwares-Past\">Snapshot of Cl0p Ransomware\u2019s Past<\/a><\/li><li><a href=\"#Cl0p-Ransomware-Cheat-Sheet\">Cl0p Ransomware Cheat Sheet<\/a><\/li><li><a href=\"#Cl0p-Ransomware-Attack-Methodology\">Cl0p Ransomware Attack Methodology<\/a><\/li><li><a href=\"#Cl0p-Ransomware-MITRE-MAP-with-IOCs\">Cl0p Ransomware MITRE MAP with IOCs<\/a><\/li><li><a href=\"#Interesting-Trends\">Interesting Trends<\/a><\/li><li><a href=\"#Cl0p-Ransomware-Prevention-and-Cure\">Cl0p Ransomware &#8211; Prevention and Cure<\/a><\/li><\/ul>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-777dbd1 elementor-widget elementor-widget-spacer\" data-id=\"777dbd1\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4c1ce2f elementor-widget elementor-widget-menu-anchor\" data-id=\"4c1ce2f\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"menu-anchor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div id=\"Snapshot-of-Cl0p-Ransomwares-Past\" class=\"elementor-menu-anchor\"><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4636ff5 elementor-widget elementor-widget-heading\" data-id=\"4636ff5\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">Snapshot of Cl0p Ransomware\u2019s Past<\/h4>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-70758b5 elementor-widget elementor-widget-text-editor\" data-id=\"70758b5\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>The Cl0p ransomware gang is a variant of a previously existing ransomware strain called\u00a0<a style=\"transition-property: all;\" href=\"https:\/\/www.webroot.com\/blog\/2016\/07\/22\/about-cryptomix-ransomware\/\" target=\"_blank\" rel=\"noopener\">CryptoMix<\/a>, first spotted in 2019, and has been previously linked to financially motivated advanced threat groups, TA505 (GRACEFUL SPIDER) and FIN11.\u00a0<\/p><p>In recent times, Cl0p ransomware has leveraged the Accellion File Transfer Appliance (FTA) zero-day in attacks, alongside the\u00a0<a style=\"transition-property: all;\" href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/clop-gang-exploiting-solarwinds-serv-u-flaw-in-ransomware-attacks\/?&amp;web_view=true\" target=\"_blank\" rel=\"noopener\">Solarwinds Serv-U FTP vulnerability<\/a>, the GoAnywhere MFT zero-day vulnerability, the recently discovered PaperCut vulnerabilities as well as the newly discovered Progress MOVEit Transfer vulnerabilities.\u00a0<\/p><p>The new spike in attacks has brought Cl0p back into the limelight.\u00a0<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5a26c9b elementor-widget elementor-widget-spacer\" data-id=\"5a26c9b\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-69ed3c8 elementor-widget elementor-widget-menu-anchor\" data-id=\"69ed3c8\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"menu-anchor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div id=\"Cl0p-Ransomware-Cheat-Sheet\" class=\"elementor-menu-anchor\"><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8451d8e elementor-widget elementor-widget-heading\" data-id=\"8451d8e\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">Cl0p Ransomware Cheat Sheet<\/h4>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-7816b81 elementor-widget elementor-widget-text-editor\" data-id=\"7816b81\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p><strong>Securin experts have observed Cl0p ransomware exploiting a total of 13 vulnerabilities, including three recently-discovered MOVEit Transfer bugs, and two flaws affecting PaperCut print management solutions.<\/strong><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-858d0d3 elementor-widget elementor-widget-image\" data-id=\"858d0d3\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"1756\" height=\"1523\" src=\"https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/Clop-Ransomware.png\" class=\"attachment-full size-full wp-image-18816\" alt=\"\" srcset=\"https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/Clop-Ransomware.png 1756w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/Clop-Ransomware-300x260.png 300w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/Clop-Ransomware-1024x888.png 1024w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/Clop-Ransomware-768x666.png 768w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/Clop-Ransomware-1536x1332.png 1536w\" sizes=\"(max-width: 1756px) 100vw, 1756px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e940ab2 elementor-widget elementor-widget-text-editor\" data-id=\"e940ab2\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>Our experts used Securin\u2019s Vulnerability Intelligence platform for predictive analysis to identify the vulnerabilities and how likely they are to be exploited in future attacks. Here is a detailed analysis of the vulnerabilities exploited by Cl0p ransomware in their attacks:<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0598412 elementor-widget elementor-widget-spacer\" data-id=\"0598412\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5b3129f elementor-widget elementor-widget-heading\" data-id=\"5b3129f\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h5 class=\"elementor-heading-title elementor-size-default\"><strong>CVE-2019-19781 - <\/strong>Citrix Application Delivery Controller (ADC) and Gateway 10.5 to 13.0 - CISA KEV, Trending - 12 Ransomware \/ 7 APT<\/h5>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5626c71 elementor-widget elementor-widget-image\" data-id=\"5626c71\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"977\" height=\"276\" src=\"https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_2.png\" class=\"attachment-full size-full wp-image-18782\" alt=\"\" srcset=\"https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_2.png 977w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_2-300x85.png 300w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_2-768x217.png 768w\" sizes=\"(max-width: 977px) 100vw, 977px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e2cb1b7 elementor-widget elementor-widget-image\" data-id=\"e2cb1b7\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"923\" height=\"348\" src=\"https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_3.png\" class=\"attachment-full size-full wp-image-18783\" alt=\"\" srcset=\"https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_3.png 923w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_3-300x113.png 300w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_3-768x290.png 768w\" sizes=\"(max-width: 923px) 100vw, 923px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2fbae8b elementor-widget elementor-widget-heading\" data-id=\"2fbae8b\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h5 class=\"elementor-heading-title elementor-size-default\"><strong>CVE-2020-1472\u00a0-<\/strong>\u00a0Netlogon Elevation of Privilege Vulnerability - CISA KEV, Trending - 9 Ransomware \/ 8 APT<\/h5>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-155c084 elementor-widget elementor-widget-image\" data-id=\"155c084\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"1080\" height=\"248\" src=\"https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_4.png\" class=\"attachment-full size-full wp-image-18784\" alt=\"\" srcset=\"https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_4.png 1080w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_4-300x69.png 300w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_4-1024x235.png 1024w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_4-768x176.png 768w\" sizes=\"(max-width: 1080px) 100vw, 1080px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-3e7915f elementor-widget elementor-widget-image\" data-id=\"3e7915f\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"1041\" height=\"394\" src=\"https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_5.png\" class=\"attachment-full size-full wp-image-18785\" alt=\"\" srcset=\"https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_5.png 1041w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_5-300x114.png 300w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_5-1024x388.png 1024w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_5-768x291.png 768w\" sizes=\"(max-width: 1041px) 100vw, 1041px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-acb305e elementor-widget elementor-widget-heading\" data-id=\"acb305e\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h5 class=\"elementor-heading-title elementor-size-default\"><strong>CVE-2021-35211-<\/strong>\u00a0SolarWinds Serv-U product Remote Memory Escape Vulnerability - CISA KEV, Trending - 1 Ransomware \/ 2 APT<\/h5>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-90137ff elementor-widget elementor-widget-image\" data-id=\"90137ff\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"1074\" height=\"264\" src=\"https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_6.png\" class=\"attachment-full size-full wp-image-18786\" alt=\"\" srcset=\"https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_6.png 1074w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_6-300x74.png 300w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_6-1024x252.png 1024w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_6-768x189.png 768w\" sizes=\"(max-width: 1074px) 100vw, 1074px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-3de75b8 elementor-widget elementor-widget-image\" data-id=\"3de75b8\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"1041\" height=\"388\" src=\"https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_7.png\" class=\"attachment-full size-full wp-image-18787\" alt=\"\" srcset=\"https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_7.png 1041w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_7-300x112.png 300w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_7-1024x382.png 1024w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_7-768x286.png 768w\" sizes=\"(max-width: 1041px) 100vw, 1041px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c19a3e7 elementor-widget elementor-widget-heading\" data-id=\"c19a3e7\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h5 class=\"elementor-heading-title elementor-size-default\"><strong>CVE-2021-27101 -<\/strong>\u00a0Accellion FTA 9_12_370 and earlier SQL injection vulnerability - CISA KEV, Trending - 1 Ransomware \/ 1 APT<\/h5>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0aaa733 elementor-widget elementor-widget-image\" data-id=\"0aaa733\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"1085\" height=\"252\" src=\"https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_8.png\" class=\"attachment-full size-full wp-image-18788\" alt=\"\" srcset=\"https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_8.png 1085w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_8-300x70.png 300w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_8-1024x238.png 1024w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_8-768x178.png 768w\" sizes=\"(max-width: 1085px) 100vw, 1085px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-961522d elementor-widget elementor-widget-image\" data-id=\"961522d\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"1049\" height=\"392\" src=\"https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_9.png\" class=\"attachment-full size-full wp-image-18789\" alt=\"\" srcset=\"https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_9.png 1049w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_9-300x112.png 300w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_9-1024x383.png 1024w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_9-768x287.png 768w\" sizes=\"(max-width: 1049px) 100vw, 1049px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e42a64e elementor-widget elementor-widget-heading\" data-id=\"e42a64e\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h5 class=\"elementor-heading-title elementor-size-default\"><strong>CVE-2021-27102\u00a0-<\/strong>\u00a0Accellion FTA 9_12_411 and earlier OS Command execution vulnerability - CISA KEV, Trending - 1 Ransomware \/ 1 APT<\/h5>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d31faa9 elementor-widget elementor-widget-image\" data-id=\"d31faa9\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"1078\" height=\"267\" src=\"https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_10.png\" class=\"attachment-full size-full wp-image-18790\" alt=\"\" srcset=\"https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_10.png 1078w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_10-300x74.png 300w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_10-1024x254.png 1024w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_10-768x190.png 768w\" sizes=\"(max-width: 1078px) 100vw, 1078px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-7685d6b elementor-widget elementor-widget-image\" data-id=\"7685d6b\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"1045\" height=\"388\" src=\"https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_11.png\" class=\"attachment-full size-full wp-image-18791\" alt=\"\" srcset=\"https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_11.png 1045w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_11-300x111.png 300w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_11-1024x380.png 1024w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_11-768x285.png 768w\" sizes=\"(max-width: 1045px) 100vw, 1045px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-309122f elementor-widget elementor-widget-heading\" data-id=\"309122f\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h5 class=\"elementor-heading-title elementor-size-default\"><strong>CVE-2021-27103\u00a0-<\/strong>\u00a0Accellion FTA 9_12_411 and earlier SSRF vulnerability - CISA KEV -\u00a0 1 Ransomware \/ 1 APT<\/h5>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-68a6e0e elementor-widget elementor-widget-image\" data-id=\"68a6e0e\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"1079\" height=\"273\" src=\"https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_12.png\" class=\"attachment-full size-full wp-image-18792\" alt=\"\" srcset=\"https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_12.png 1079w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_12-300x76.png 300w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_12-1024x259.png 1024w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_12-768x194.png 768w\" sizes=\"(max-width: 1079px) 100vw, 1079px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-7031ea1 elementor-widget elementor-widget-image\" data-id=\"7031ea1\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"1044\" height=\"388\" src=\"https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_13.png\" class=\"attachment-full size-full wp-image-18793\" alt=\"\" srcset=\"https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_13.png 1044w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_13-300x111.png 300w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_13-1024x381.png 1024w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_13-768x285.png 768w\" sizes=\"(max-width: 1044px) 100vw, 1044px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e0b49f9 elementor-widget elementor-widget-heading\" data-id=\"e0b49f9\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h5 class=\"elementor-heading-title elementor-size-default\"><strong>CVE-2021-27104\u00a0-<\/strong>\u00a0Accellion FTA 9_12_370 and earlier OS Command Execution vulnerability - CISA KEV, Trending - 1 Ransomware \/ 1 APT<\/h5>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ed7eefa elementor-widget elementor-widget-text-editor\" data-id=\"ed7eefa\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p><span style=\"font-weight: bold;\">Securin experts were able to warn customers about the likelihood of attacks leveraging this vulnerability, 365 days ahead of scanners like Nessus and Nexpose.<\/span><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-013e266 elementor-widget elementor-widget-image\" data-id=\"013e266\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"1086\" height=\"270\" src=\"https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_14.png\" class=\"attachment-full size-full wp-image-18794\" alt=\"\" srcset=\"https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_14.png 1086w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_14-300x75.png 300w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_14-1024x255.png 1024w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_14-768x191.png 768w\" sizes=\"(max-width: 1086px) 100vw, 1086px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-9296a1b elementor-widget elementor-widget-image\" data-id=\"9296a1b\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"1040\" height=\"389\" src=\"https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_15.png\" class=\"attachment-full size-full wp-image-18795\" alt=\"\" srcset=\"https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_15.png 1040w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_15-300x112.png 300w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_15-1024x383.png 1024w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_15-768x287.png 768w\" sizes=\"(max-width: 1040px) 100vw, 1040px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-f57d2fc elementor-widget elementor-widget-heading\" data-id=\"f57d2fc\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h5 class=\"elementor-heading-title elementor-size-default\"><strong>CVE-2023-0669\u00a0-<\/strong> Fortra GoAnywhere MFT pre-authentication command injection vulnerability - CISA KEV, Trending - 1 Ransomware \/ 1 APT<\/h5>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8889339 elementor-widget elementor-widget-text-editor\" data-id=\"8889339\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p><span style=\"font-weight: bold;\">Securin experts were able to warn customers about the likelihood of attacks leveraging this vulnerability, six days ahead of Nessus and Qualys scanners.<\/span><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-193ef2c elementor-widget elementor-widget-image\" data-id=\"193ef2c\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"1044\" height=\"392\" src=\"https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_16.png\" class=\"attachment-full size-full wp-image-18796\" alt=\"\" srcset=\"https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_16.png 1044w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_16-300x113.png 300w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_16-1024x384.png 1024w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_16-768x288.png 768w\" sizes=\"(max-width: 1044px) 100vw, 1044px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e3fb282 elementor-widget elementor-widget-heading\" data-id=\"e3fb282\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h5 class=\"elementor-heading-title elementor-size-default\"><strong>CVE-2023-27350\u00a0-<\/strong>\u00a0This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914).\u00a0- CISA KEV, Trending - 3 Ransomware \/ 3 APT<\/h5>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ce7f1b6 elementor-widget elementor-widget-text-editor\" data-id=\"ce7f1b6\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p><span style=\"font-weight: bold;\">Securin experts were able to warn customers about the likelihood of attacks leveraging this vulnerability, five days ahead of Qualys scanners.<\/span><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4c6045f elementor-widget elementor-widget-image\" data-id=\"4c6045f\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"1066\" height=\"402\" src=\"https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_17.png\" class=\"attachment-full size-full wp-image-18797\" alt=\"\" srcset=\"https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_17.png 1066w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_17-300x113.png 300w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_17-1024x386.png 1024w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_17-768x290.png 768w\" sizes=\"(max-width: 1066px) 100vw, 1066px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-9af4997 elementor-widget elementor-widget-heading\" data-id=\"9af4997\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h5 class=\"elementor-heading-title elementor-size-default\"><strong>CVE-2023-27351 -<\/strong>\u00a0This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). - Trending - 2 Ransomware \/ 1 APT<\/h5>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-63492d1 elementor-widget elementor-widget-text-editor\" data-id=\"63492d1\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p><span style=\"font-weight: bold;\">Securin experts were able to warn customers about the likelihood of attacks leveraging this vulnerability, five days ahead of Qualys scanners.<\/span><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d0c5e89 elementor-widget elementor-widget-image\" data-id=\"d0c5e89\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"1052\" height=\"388\" src=\"https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_18.png\" class=\"attachment-full size-full wp-image-18798\" alt=\"\" srcset=\"https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_18.png 1052w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_18-300x111.png 300w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_18-1024x378.png 1024w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/cl0p_18-768x283.png 768w\" sizes=\"(max-width: 1052px) 100vw, 1052px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-a6c9649 elementor-hidden-desktop elementor-hidden-tablet elementor-hidden-mobile elementor-widget elementor-widget-heading\" data-id=\"a6c9649\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h5 class=\"elementor-heading-title elementor-size-default\"><strong>CVE-2023-34362 -<\/strong> This vulnerability allows unauthenticated remote attackers to gain access into Progress MOVEit Transfer server versions before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1). - CISA KEV, Trending - 1 Ransomware \/ 2 APT<\/h5>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2d83eed elementor-hidden-desktop elementor-hidden-tablet elementor-hidden-mobile elementor-widget elementor-widget-text-editor\" data-id=\"2d83eed\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>Cl0p&#8217;s <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/clop-ransomware-likely-testing-moveit-zero-day-since-2021\/\">announced<\/a> in early June that they had been testing the now-patched MOVEit server vulnerabilities since 2021. Though still not ascertained if Cl0p is exploiting the following vulnerabilities, it is probable that they are.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-03a1e76 elementor-hidden-desktop elementor-hidden-tablet elementor-hidden-mobile elementor-widget elementor-widget-heading\" data-id=\"03a1e76\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h5 class=\"elementor-heading-title elementor-size-default\"><strong>CVE-2023-35036 -<\/strong> This vulnerability allows unauthenticated remote attackers to gain access into Progress MOVEit Transfer server versions before 2021.0.7 (13.0.7), 2021.1.5 (13.1.5), 2022.0.5 (14.0.5), 2022.1.6 (14.1.6), and 2023.0.2 (15.0.2). -\u00a0 Trending - 1 Ransomware*<\/h5>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-745b423 elementor-hidden-desktop elementor-hidden-tablet elementor-hidden-mobile elementor-widget elementor-widget-heading\" data-id=\"745b423\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h5 class=\"elementor-heading-title elementor-size-default\"><strong>CVE-2023-35708 -<\/strong> This vulnerability allows unauthenticated remote attackers to gain access into Progress MOVEit Transfer server versions before 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023.0.3 (15.0.3). -\u00a0 Trending - 1 Ransomware*<\/h5>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-38ce630 elementor-widget elementor-widget-spacer\" data-id=\"38ce630\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-f52d2e6 elementor-widget elementor-widget-menu-anchor\" data-id=\"f52d2e6\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"menu-anchor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div id=\"Cl0p-Ransomware-Attack-Methodology\" class=\"elementor-menu-anchor\"><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<section class=\"elementor-section elementor-inner-section elementor-element elementor-element-b2a484d elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"b2a484d\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-inner-column elementor-element elementor-element-e33f267\" data-id=\"e33f267\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t\t<div class=\"elementor-element elementor-element-94cb0c6 elementor-widget elementor-widget-heading\" data-id=\"94cb0c6\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">Cl0p Ransomware Attack Methodology<\/h4>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-97f0ebb elementor-widget-tablet__width-initial elementor-widget elementor-widget-text-editor\" data-id=\"97f0ebb\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>Cl0p ransomware was first spotted by Securin experts delivering a final payload for a phishing campaign run by TA505. The phishing emails would lead victims to a macro-enabled document that would drop a loader called Get2. The loader would then download various tools such as FlawedGrace, FlawedAmmy and SDBot, that were leveraged by the threat actor. Upon gaining a foothold on a victim\u2019s machine, reconnaissance was conducted parallelly, alongside lateral movement and data exfiltration, to prepare for deployment of the ransomware. The SDBot payload has been observed delivering Cl0p ransomware.<\/p><p>Once Cl0p ransomware is deployed, it activates several features like code signing, to help it avoid detection. The ransomware usually tries to kill several processes and services relating to backups or security solutions, and does not deploy if it detects being run in a virtual environment.&nbsp;<\/p><p>Once the ransomware is injected into the system, a fake certificate is issued to grant executable rights to the Cl0p virus to elevate privileges and initiate a .bat file. The file then allows malware to overwrite and change system files. It also reads technical details such as computer names and shares them with the threat actors. The ransomware also creates a separate folder where more malicious files are implemented.<\/p><p>Cl0p ransomware then examines the victim computer for files to encrypt. Regularly used files such as .jpg, .mp3, .doc, etc are targeted in the encryption process. Once the encryption process is complete, all encrypted files get a .Clop extension to their titles and becomes impossible to access.&nbsp;<\/p><p>The victims then need to pay the ransom amount in order to remove Cl0p ransomware and facilitate in unlocking the files and recovering the data.&nbsp;<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-inner-column elementor-element elementor-element-61b9000\" data-id=\"61b9000\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t\t<div class=\"elementor-element elementor-element-048ee01 elementor-widget elementor-widget-image\" data-id=\"048ee01\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"640\" height=\"1272\" src=\"https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/Clop-Ransomware-02-768x1526.jpg\" class=\"attachment-medium_large size-medium_large wp-image-18799\" alt=\"\" srcset=\"https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/Clop-Ransomware-02-768x1526.jpg 768w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/Clop-Ransomware-02-151x300.jpg 151w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/Clop-Ransomware-02-515x1024.jpg 515w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/Clop-Ransomware-02-773x1536.jpg 773w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/Clop-Ransomware-02-1030x2048.jpg 1030w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/Clop-Ransomware-02-scaled.jpg 1288w\" sizes=\"(max-width: 640px) 100vw, 640px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<div class=\"elementor-element elementor-element-50df465 elementor-widget elementor-widget-spacer\" data-id=\"50df465\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b92316a elementor-widget elementor-widget-spacer\" data-id=\"b92316a\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-f94279f elementor-widget elementor-widget-menu-anchor\" data-id=\"f94279f\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"menu-anchor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div id=\"Cl0p-Ransomware-MITRE-MAP-with-IOCs\" class=\"elementor-menu-anchor\"><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-7df59bd elementor-widget elementor-widget-heading\" data-id=\"7df59bd\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">Cl0p Ransomware MITRE MAP with IOCs<\/h4>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b249366 elementor-widget elementor-widget-image\" data-id=\"b249366\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"1818\" height=\"950\" src=\"https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/Clop-Ransomware-01.png\" class=\"attachment-full size-full wp-image-18617\" alt=\"\" srcset=\"https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/Clop-Ransomware-01.png 1818w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/Clop-Ransomware-01-300x157.png 300w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/Clop-Ransomware-01-1024x535.png 1024w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/Clop-Ransomware-01-768x401.png 768w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/06\/Clop-Ransomware-01-1536x803.png 1536w\" sizes=\"(max-width: 1818px) 100vw, 1818px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-abe75cd elementor-widget elementor-widget-spacer\" data-id=\"abe75cd\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-39a76b9 elementor-widget elementor-widget-text-editor\" data-id=\"39a76b9\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<table dir=\"ltr\" style=\"table-layout: fixed; font-size: 10pt; font-family: Lato; width: 1103px; border-collapse: collapse; border: none; height: 1592px;\" border=\"1\" cellspacing=\"0\" cellpadding=\"0\"><colgroup> <col width=\"100\" \/> <col width=\"576\" \/><\/colgroup><tbody><tr style=\"height: 21px;\"><td style=\"border: 1px solid #000000; overflow: hidden; padding: 2px 3px; vertical-align: bottom; font-family: Lato; font-weight: bold; white-space: normal; overflow-wrap: break-word; text-align: center;\" colspan=\"2\" rowspan=\"1\" data-sheets-value=\"{&quot;1&quot;:2,&quot;2&quot;:&quot;Clop Ransomware IOCs&quot;}\"><h6><strong>Clop Ransomware IOCs<\/strong><\/h6><\/td><\/tr><tr style=\"height: 21px;\"><td style=\"border-width: 1px; border-style: solid; border-color: #cccccc #000000 #000000; border-image: initial; overflow: hidden; padding: 2px 3px; vertical-align: middle; white-space: normal; overflow-wrap: break-word;\" data-sheets-value=\"{&quot;1&quot;:2,&quot;2&quot;:&quot;Domains&quot;}\"><strong><span style=\"color: #000000;\">Domains<\/span><\/strong><\/td><td style=\"border-width: 1px; border-style: solid; border-color: #cccccc #000000 #000000 #cccccc; border-image: initial; overflow: hidden; padding: 2px 3px; vertical-align: middle; white-space: normal; overflow-wrap: break-word;\" data-sheets-value=\"{&quot;1&quot;:2,&quot;2&quot;:&quot;- hxxp[:]\/\/6v4q5w7di74grj2vtmikzgx2tnq5eagyg2cubpcnqrvvee2ijpmprzqd[.]onion\\n- hxxp[:]\/\/santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad[.]onion\\n- protected][.]com\\n- codeload[.]github[.]com\\n- hxxps:\/\/dsfdsfgb[.]azureedge[.]net\/332_332\/universupdatepluginx84.zipUnknown0c435aadaa3c42a71ad8ff80781def4c8ce085f960d75f15b6fee8df78b2ac38\\n- hxxps:\/\/codeload[.]github[.]com\/downloader2607\/download64_12\/zip\/refs\/heads\/mainads[.]softupdt[.]com\\n- hxxps:\/\/cdn[.]discordapp[.]com\/attachments\/1004390520904220838\/1008127492449648762\/Setup_64_11.zipUnknown\\n- hxxps:\/\/spideroak[.]com\/storage\/OVPXG4DJMRSXE33BNNPWC5LUN5PTSMRTGAZTG\/shared\/5392194-1-1040\/Setup_64_1.zip?b6755c86e52ceecf8d806bf814690691146[.]70[.]93[.]10f18a54ba72df1a17daf21b519ffeee8463cfc81c194a8759a698709f1c9a3e87\\n- aviadronazhed[.]com\\n- guteyutur[.]com\\n- hxxp:\/\/27[.]70[.]196\/km1\\n- hxxp:\/\/91[.]38[.]135[.]67\/km1&quot;}\"><p style=\"text-align: left;\">hxxp[:]\/\/6v4q5w7di74grj2vtmikzgx2tnq5eagyg2cubpcnqrvvee2ijpmprzqd[.]onion<\/p><p style=\"text-align: left;\">hxxp[:]\/\/santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad[.]onion<\/p><p style=\"text-align: left;\">protected][.]com<\/p><p style=\"text-align: left;\">codeload[.]github[.]com<\/p><p style=\"text-align: left;\">hxxps:\/\/dsfdsfgb[.]azureedge[.]net\/332_332\/universupdatepluginx84.zipUnknown0c435aadaa3c42a71ad8ff80781def4c8ce085f960d75f15b6fee8df78b2ac38<\/p><p style=\"text-align: left;\">hxxps:\/\/codeload[.]github[.]com\/downloader2607\/download64_12\/zip\/refs\/heads\/mainads[.]softupdt[.]com<\/p><p style=\"text-align: left;\">hxxps:\/\/cdn[.]discordapp[.]com\/attachments\/1004390520904220838\/1008127492449648762\/Setup_64_11.zipUnknown<\/p><p style=\"text-align: left;\">hxxps:\/\/spideroak[.]com\/storage\/OVPXG4DJMRSXE33BNNPWC5LUN5PTSMRTGAZTG\/shared\/5392194-1-1040\/Setup_64_1.zip?b6755c86e52ceecf8d806bf814690691146[.]70[.]93[.]10f18a54ba72df1a17daf21b519ffeee8463cfc81c194a8759a698709f1c9a3e87<\/p><p style=\"text-align: left;\">aviadronazhed[.]com<\/p><p style=\"text-align: left;\">guteyutur[.]com<\/p><p style=\"text-align: left;\">hxxp:\/\/27[.]70[.]196\/km1<\/p><p style=\"text-align: left;\">hxxp:\/\/91[.]38[.]135[.]67\/km1<\/p><\/td><\/tr><tr style=\"height: 21px;\"><td style=\"border-width: 1px; border-style: solid; border-color: #cccccc #000000 #000000; border-image: initial; overflow: hidden; padding: 2px 3px; vertical-align: middle; white-space: normal; overflow-wrap: break-word;\" data-sheets-value=\"{&quot;1&quot;:2,&quot;2&quot;:&quot;Emails&quot;}\"><strong><span style=\"color: #000000;\">Emails<\/span><\/strong><\/td><td style=\"border-width: 1px; border-style: solid; border-color: #cccccc #000000 #000000 #cccccc; border-image: initial; overflow: hidden; padding: 2px 3px; vertical-align: middle; white-space: normal; overflow-wrap: break-word; text-align: left;\" data-sheets-value=\"{&quot;1&quot;:2,&quot;2&quot;:&quot;unlock[@]support-mult.com&quot;}\">unlock[@]support-mult.com<\/td><\/tr><tr style=\"height: 21px;\"><td style=\"border-width: 1px; border-style: solid; border-color: #cccccc #000000 #000000; border-image: initial; overflow: hidden; padding: 2px 3px; vertical-align: middle; white-space: normal; overflow-wrap: break-word;\" data-sheets-value=\"{&quot;1&quot;:2,&quot;2&quot;:&quot;Emails&quot;}\"><strong><span style=\"color: #000000;\">Emails<\/span><\/strong><\/td><td style=\"border-width: 1px; border-style: solid; border-color: #cccccc #000000 #000000 #cccccc; border-image: initial; overflow: hidden; padding: 2px 3px; vertical-align: middle; white-space: normal; overflow-wrap: break-word; text-align: left;\" data-sheets-value=\"{&quot;1&quot;:2,&quot;2&quot;:&quot;unlock[@]rsv-box.com&quot;}\">unlock[@]rsv-box.com<\/td><\/tr><tr style=\"height: 21px;\"><td style=\"border-width: 1px; border-style: solid; border-color: #cccccc #000000 #000000; border-image: initial; overflow: hidden; padding: 2px 3px; vertical-align: middle; white-space: normal; overflow-wrap: break-word;\" data-sheets-value=\"{&quot;1&quot;:2,&quot;2&quot;:&quot;IP Address&quot;}\"><strong><span style=\"color: #000000;\">IP Address<\/span><\/strong><\/td><td style=\"border-width: 1px; border-style: solid; border-color: #cccccc #000000 #000000 #cccccc; border-image: initial; overflow: hidden; padding: 2px 3px; vertical-align: middle; white-space: normal; overflow-wrap: break-word; text-align: left;\" data-sheets-value=\"{&quot;1&quot;:2,&quot;2&quot;:&quot;146[.]70[.]93[.]10&quot;}\">146[.]70[.]93[.]10<\/td><\/tr><tr style=\"height: 21px;\"><td style=\"border-width: 1px; border-style: solid; border-color: #cccccc #000000 #000000; border-image: initial; overflow: hidden; padding: 2px 3px; vertical-align: middle; white-space: normal; overflow-wrap: break-word;\" data-sheets-value=\"{&quot;1&quot;:2,&quot;2&quot;:&quot;SHA-1 Hash&quot;}\"><strong><span style=\"color: #000000;\">SHA-1 Hash<\/span><\/strong><\/td><td style=\"border-width: 1px; border-style: solid; border-color: #cccccc #000000 #000000 #cccccc; border-image: initial; overflow: hidden; padding: 2px 3px; vertical-align: middle; white-space: normal; overflow-wrap: break-word;\" data-sheets-value=\"{&quot;1&quot;:2,&quot;2&quot;:&quot;ba5c5b5cbd6abdf64131722240703fb585ee8b56\\n4fa2b95b7cde72ff81554cfbddc31bbf77530d4d\\nac71b646b0237b487c08478736b58f208a98eebf\\n77ea0fd635a37194efc1f3e0f5012a4704992b0e\\na1a628cca993f9455d22ca2c248ddca7e743683e\\n40b7b386c2c6944a6571c6dcfb23aaae026e8e82\\n46b02cc186b85e11c3d59790c3a0bfd2ae1f82a5\\na6e940b1bd92864b742fbd5ed9b2ef763d788ea7&quot;}\"><p style=\"text-align: left;\">ba5c5b5cbd6abdf64131722240703fb585ee8b56<\/p><p style=\"text-align: left;\">4fa2b95b7cde72ff81554cfbddc31bbf77530d4d<\/p><p style=\"text-align: left;\">ac71b646b0237b487c08478736b58f208a98eebf<\/p><p style=\"text-align: left;\">77ea0fd635a37194efc1f3e0f5012a4704992b0e<\/p><p style=\"text-align: left;\">a1a628cca993f9455d22ca2c248ddca7e743683e<\/p><p style=\"text-align: left;\">40b7b386c2c6944a6571c6dcfb23aaae026e8e82<\/p><p style=\"text-align: left;\">46b02cc186b85e11c3d59790c3a0bfd2ae1f82a5<\/p><p style=\"text-align: left;\">a6e940b1bd92864b742fbd5ed9b2ef763d788ea7<\/p><\/td><\/tr><tr style=\"height: 21px;\"><td style=\"border-width: 1px; border-style: solid; border-color: #cccccc #000000 #000000; border-image: initial; overflow: hidden; padding: 2px 3px; vertical-align: middle; white-space: normal; overflow-wrap: break-word;\" data-sheets-value=\"{&quot;1&quot;:2,&quot;2&quot;:&quot;SHA-256 Hash&quot;}\"><strong><span style=\"color: #000000;\">SHA-256 Hash<\/span><\/strong><\/td><td style=\"border-width: 1px; border-style: solid; border-color: #cccccc #000000 #000000 #cccccc; border-image: initial; overflow: hidden; padding: 2px 3px; vertical-align: middle; white-space: normal; overflow-wrap: break-word;\" data-sheets-value=\"{&quot;1&quot;:2,&quot;2&quot;:&quot;09d6dab9b70a74f61c41eaa485b37de9a40c86b6d2eae7413db11b4e6a8256ef\\nd1224c08da923517d65c164932ef8d931633e5376f74bf0655b72d559cc32fd2\\n0b214297e87360b3b7f6d687bdd7802992bc0e89b170d53bf403e536e07e396e\\r\\n0c435aadaa3c42a71ad8ff80781def4c8ce085f960d75f15b6fee8df78b2ac38\\r\\n09247f88d47b69e8d50f0fe4c10c7f0ecc95c979a38c2f7dfee4aec3679b5807\\r\\na9d5ec72fad42a197cbadcb1edc6811e3a8dd8c674df473fd8fa952ba0a23c15\\r\\ne8d98621b4cb45e027785d89770b25be0c323df553274238810872164187a45f\\r\\n8e91f3294883fbdc31ff17c3075f252cbfdc1fc9145c6238468847f86d590418\\r\\nd1c04608546caf39761a0e390d8f240faa4fc821eea279f688b15d0b2cfc9729\\r\\n3320f11728458d01eef62e10e48897ec1c2277c1fe1aa2d471a16b4dccfc1207\\r\\neba8a0fe7b3724c4332fa126ef27daeca32e1dc9265c8bc5ae015b439744e989\\r\\ncf0a24f1cdf5258c132102841d5b13e1c6978d9316ba4005076606dc60ec761b\\r\\n389e03b1a1fd1c527d48df74d3c26a0483a5b105f36841193172f1ee80e62c1b\\r\\n85c42e1504bdce63c59361fb9b721a15a80234e0272248f9ed7eb5f9ba7b3203\\r\\ncb36503c08506fca731f0624fda1f7462b7f0f025a408596db1207d82174796a\\r\\naf1d155a0b36c14626b2bf9394c1b460d198c9dd96eb57fac06d38e36b805460\\r\\nad320839e01df160c5feb0e89131521719a65ab11c952f33e03d802ecee3f51f&quot;}\"><p style=\"text-align: left;\">09d6dab9b70a74f61c41eaa485b37de9a40c86b6d2eae7413db11b4e6a8256ef<\/p><p style=\"text-align: left;\">d1224c08da923517d65c164932ef8d931633e5376f74bf0655b72d559cc32fd2<\/p><p style=\"text-align: left;\">0b214297e87360b3b7f6d687bdd7802992bc0e89b170d53bf403e536e07e396e<\/p><p style=\"text-align: left;\">0c435aadaa3c42a71ad8ff80781def4c8ce085f960d75f15b6fee8df78b2ac38<\/p><p style=\"text-align: left;\">09247f88d47b69e8d50f0fe4c10c7f0ecc95c979a38c2f7dfee4aec3679b5807<\/p><p style=\"text-align: left;\">a9d5ec72fad42a197cbadcb1edc6811e3a8dd8c674df473fd8fa952ba0a23c15<\/p><p style=\"text-align: left;\">e8d98621b4cb45e027785d89770b25be0c323df553274238810872164187a45f<\/p><p style=\"text-align: left;\">8e91f3294883fbdc31ff17c3075f252cbfdc1fc9145c6238468847f86d590418<\/p><p style=\"text-align: left;\">d1c04608546caf39761a0e390d8f240faa4fc821eea279f688b15d0b2cfc9729<\/p><p style=\"text-align: left;\">3320f11728458d01eef62e10e48897ec1c2277c1fe1aa2d471a16b4dccfc1207<\/p><p style=\"text-align: left;\">eba8a0fe7b3724c4332fa126ef27daeca32e1dc9265c8bc5ae015b439744e989<\/p><p style=\"text-align: left;\">cf0a24f1cdf5258c132102841d5b13e1c6978d9316ba4005076606dc60ec761b<\/p><p style=\"text-align: left;\">389e03b1a1fd1c527d48df74d3c26a0483a5b105f36841193172f1ee80e62c1b<\/p><p style=\"text-align: left;\">85c42e1504bdce63c59361fb9b721a15a80234e0272248f9ed7eb5f9ba7b3203<\/p><p style=\"text-align: left;\">cb36503c08506fca731f0624fda1f7462b7f0f025a408596db1207d82174796a<\/p><p style=\"text-align: left;\">af1d155a0b36c14626b2bf9394c1b460d198c9dd96eb57fac06d38e36b805460<\/p><p style=\"text-align: left;\">ad320839e01df160c5feb0e89131521719a65ab11c952f33e03d802ecee3f51f<\/p><\/td><\/tr><\/tbody><\/table>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-eb6596e elementor-widget elementor-widget-spacer\" data-id=\"eb6596e\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-252a467 elementor-widget elementor-widget-menu-anchor\" data-id=\"252a467\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"menu-anchor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div id=\"Interesting-Trends\" class=\"elementor-menu-anchor\"><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-294d4c8 elementor-widget elementor-widget-heading\" data-id=\"294d4c8\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">Interesting Trends<\/h4>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<section class=\"elementor-section elementor-inner-section elementor-element elementor-element-ce55584 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"ce55584\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-inner-column elementor-element elementor-element-7f93f8e\" data-id=\"7f93f8e\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t\t<div class=\"elementor-element elementor-element-965cb1b elementor-widget elementor-widget-text-editor\" data-id=\"965cb1b\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<ul><li><strong>Cl0p Ransomware likes to MOVEit: <\/strong>Cl0p ransomware claimed responsibility of using the now-patched MOVEit zero-day vulnerability, and has led to <a href=\"https:\/\/statescoop.com\/nyc-schools-hit-by-moveit-breach\/\" target=\"_blank\" rel=\"noopener\">106 organizations<\/a> worldwide being affected by the exploitation.<br \/><a href=\"\/articles\/understanding-the-risks-of-moveit-vulnerabilities\/\" target=\"_blank\" rel=\"noopener\">Read our MOVEit vulnerabilities article to learn more.<\/a><\/li><\/ul>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-7319c41 elementor-widget elementor-widget-text-editor\" data-id=\"7319c41\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<ul><li><strong>Linux Malware Flaw:\u00a0<\/strong>The Linux malware that was used in the 2022 attacks seems to have a <a style=\"transition-property: all;\" href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/clop-ransomware-flaw-allowed-linux-victims-to-recover-files-for-months\/\" target=\"_blank\" rel=\"noopener\">flaw in the encryption scheme<\/a> that has allowed the victims to recover their files for free for several months. The Cl0p Linux malware is considered an early prototype as it is plagued by several flaws and still does not have proper obfuscation and evasiveness mechanisms in place.<\/li><\/ul>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ecb8161 elementor-widget elementor-widget-text-editor\" data-id=\"ecb8161\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<ul><li><strong>Direct Emails to Victims:\u00a0<\/strong>The Cl0p ransomware gang pioneered an innovation by pushing more victims into paying an extortion demand by simply emailing the victim\u2019s customers and partners directly, warning of probable data leaks onto the dark web unless ransom demands were met.<\/li><\/ul>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-87eaa3f elementor-widget elementor-widget-text-editor\" data-id=\"87eaa3f\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<ul><li><strong>Novel Ransom Payment Schemes:\u00a0<\/strong>Several\u00a0<a style=\"transition-property: all;\" href=\"https:\/\/krebsonsecurity.com\/2022\/12\/new-ransom-payment-schemes-target-executives-telemedicine\/?web_view=true\" target=\"_blank\" rel=\"noopener\">new methods for infecting victims<\/a>\u00a0and convincing them to pay are constantly devised by ransomware groups. One method revolved around healthcare organizations offering consultations over the Internet, where booby-trapped medical records would be sent to the centers posing as \u2018patients\u2019. The second method involved carefully editing email inboxes of public company executives to make it appear that some kind of insider trading was involved. The methods were leveraged by the Cl0p group in accordance with a newer ransomware affiliate, Venus.<\/li><\/ul>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b89fec3 elementor-widget elementor-widget-text-editor\" data-id=\"b89fec3\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<ul><li><strong>Cyber Police Arrests in Ukraine: <\/strong>The <a href=\"https:\/\/cybernews.com\/news\/cl0p-affiliated-hackers-exposed-in-ukraine-500-million-in-damages-estimated\/?&amp;web_view=true\" target=\"_blank\" rel=\"noopener\">Ukrainian police\u00a0<\/a><a style=\"transition-property: all;\" href=\"https:\/\/cybernews.com\/news\/cl0p-affiliated-hackers-exposed-in-ukraine-500-million-in-damages-estimated\/?&amp;web_view=true\" target=\"_blank\" rel=\"noopener\">arrested<\/a> 21 people who are likely members of or affiliates of the Cl0p ransomware gang. The hackers had targeted foreign businesses based in the United States and South Korea, used double extortion techniques, dropped the FlawedAmmyy RAT and used Cl0p encryption software to decipher stolen data.<\/li><\/ul>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-02e74ea elementor-widget elementor-widget-text-editor\" data-id=\"02e74ea\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<ul><li><strong>Disabling Windows Defender: <\/strong>Cl0p ransomware, formerly known as CryptoMix ransomware, devised a way to disable Windows Defender as well as remove the Microsoft Security Essentials anti-ransomware programs.<\/li><\/ul>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-inner-column elementor-element elementor-element-d425eb0\" data-id=\"d425eb0\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t\t<div class=\"elementor-element elementor-element-3fca675 elementor-widget elementor-widget-text-editor\" data-id=\"3fca675\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<ul><li><strong>FIN7 uses Cl0p Ransomware: <\/strong>APT Group FIN7 was observed dropping Cl0p Ransomware in attacks in April 2023, its first campaign since 2021. The FIN7 attackers\u00a0utilized a PowerShell-based POWERTRASH in-memory malware dropper to deploy Lizar post-exploitation tool on compromised devices.<\/li><\/ul>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-cab1863 elementor-widget elementor-widget-text-editor\" data-id=\"cab1863\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<ul><li><strong>Malware Variant Targeting Linux: <\/strong>The Cl0p ransomware gang first used the malware variant that specifically targets Linux servers during an <a href=\"https:\/\/www.linkedin.com\/pulse\/clop-ransomware-has-been-updated-target-linux-servers-protechmanize\/\" target=\"_blank\" rel=\"noopener\">attack against a university in Colombia<\/a> in December 2022.<\/li><\/ul>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ae4ae4e elementor-widget elementor-widget-text-editor\" data-id=\"ae4ae4e\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<ul><li><strong>Using TrueBot malware in attacks: <\/strong>Securin researchers noticed a spike in infected devices with TrueBot malware downloader, created by a Russian hacking group called Silence. While conducting the analysis our researchers found that\u00a0<a style=\"transition-property: all;\" href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/clop-ransomware-uses-truebot-malware-for-access-to-networks\/\" target=\"_blank\" rel=\"noopener\">Cl0p ransomware used TrueBot malware<\/a> to access networks in an attack. TrueBot, typically is a first-stage module that collects information and takes screenshots, and helps in exfiltration of Active Directory trust relations information that enhances a threat actor\u2019s post-infection activity. In the second phase, a C2 server instructs TrueBot to load shellcode or DLLs in memory, download EXEs, BATs, PS1 files, uninstall itself or execute other modules. In its post-compromise phase, TrueBot is used to drop Cobalt Strike beacons or FlawedGrace or GraceWire malware that is attributed to the TA505 threat group.<\/li><\/ul>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d76f9db elementor-widget elementor-widget-text-editor\" data-id=\"d76f9db\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<ul><li><strong>Operation Cyclone:<\/strong>\u00a0An\u00a0<a style=\"transition-property: all;\" href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/operation-cyclone-deals-blow-to-clop-ransomware-operation\/\" target=\"_blank\" rel=\"noopener\">international law enforcement operation<\/a>\u00a0led by Interpol, with a duration of 30 months, was launched targeting members of the Cl0p ransomware group, leading to the arrest of six key members of the gang and recovery of $185,000 worth of assets.<\/li><\/ul>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-734f990 elementor-widget elementor-widget-text-editor\" data-id=\"734f990\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<ul><li><strong>Cl0p uses Raspberry Robin Worm in Attacks:\u00a0<\/strong>In October 2022, <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/10\/27\/raspberry-robin-worm-part-of-larger-ecosystem-facilitating-pre-ransomware-activity\/#:~:text=In%20October%202022%2C%20Microsoft%20researchers,eventually%20deployed%20the%20Clop%20ransomware.\" target=\"_blank\" rel=\"noopener\">Microsoft researchers observed Raspberry Robin infections<\/a> after Cobalt Strike beacons were dropped by a threat actor tagged as DEV-0950. DEV-0950\u2019s activity also involved a TrueBot infection that eventually deployed Cl0p ransomware.<\/li><\/ul>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<div class=\"elementor-element elementor-element-f05ca0c elementor-widget elementor-widget-spacer\" data-id=\"f05ca0c\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-83f93d4 elementor-widget elementor-widget-menu-anchor\" data-id=\"83f93d4\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"menu-anchor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div id=\"Cl0p-Ransomware-Prevention-and-Cure\" class=\"elementor-menu-anchor\"><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-45d8730 elementor-widget elementor-widget-heading\" data-id=\"45d8730\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">Cl0p Ransomware - Prevention and Cure<\/h4>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6c475fc elementor-widget elementor-widget-text-editor\" data-id=\"6c475fc\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>The Cl0p ransomware group has become ever more prolific after the exploitation of the MOVEit Transfer and GoAnywhere MFT vulnerabilities and has been gaining preference as a favored payload for many threat actors. With this in mind, here are some measures that organizations can adopt to stay safe from a ransomware attack.<\/p><ul><li dir=\"ltr\" aria-level=\"1\">Patch the vulnerabilities used by the group, and ensure no unused ports\/instances are left hanging.\u00a0<\/li><li dir=\"ltr\" aria-level=\"1\">Ensure that they tune into and follow <a href=\"\/category\/threat-intelligence\/\" target=\"_blank\" rel=\"noopener\">weekly threat intelligence<\/a> updates by cybersecurity providers to stay on track with latest developments.<\/li><li dir=\"ltr\" aria-level=\"1\">Set up multi-factor authentication, implement session timeouts, and practice good password hygiene.<\/li><li dir=\"ltr\" aria-level=\"1\">Perform a regular <a href=\"\/attack-surface-management\/\" target=\"_blank\" rel=\"noopener\">Attack Surface Management<\/a> scan to discover exposures in your assets, domain controllers, active directories, servers, and all cloud-connected deployments.<\/li><li dir=\"ltr\" aria-level=\"1\">Perform a <a href=\"\/penetration-testing\/\" target=\"_blank\" rel=\"noopener\">penetration test<\/a> on your systems to identify if they are vulnerable via unidentified exposures.<\/li><li dir=\"ltr\" aria-level=\"1\">Regularly back up data in <a href=\"\/articles\/how-safe-are-storage-devices-from-a-ransomware-attack\/\" target=\"_blank\" rel=\"noopener\">secure storage devices<\/a>.<\/li><\/ul>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2f5d883 elementor-widget elementor-widget-spacer\" data-id=\"2f5d883\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-c207054 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"c207054\" data-element_type=\"section\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-c1c0391\" data-id=\"c1c0391\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t\t<div class=\"elementor-element elementor-element-a2ee62d elementor-widget elementor-widget-heading\" data-id=\"a2ee62d\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">How We Can Help?<\/h3>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-07d49a0 elementor-widget elementor-widget-spacer\" data-id=\"07d49a0\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2949cbd elementor-widget elementor-widget-text-editor\" data-id=\"2949cbd\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>Securin has been researching\u00a0ransomware groups and the methods they use\u00a0to invade networks since 2019. Our comprehensive database of more than 359 vulnerabilities (and counting) used by ransomware groups is the most extensive compilation in the industry today. Securin\u2019s expertise in ransomware research translates into our\u00a0<a style=\"transition-property: all;\" href=\"\/ransomware\/\">Ransomware reports<\/a> and Ransomware Assessment service that can help organizations increase their security posture.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d8cb71a elementor-align-center elementor-widget elementor-widget-button\" data-id=\"d8cb71a\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"button.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-button-wrapper\">\n\t\t\t<a class=\"elementor-button elementor-button-link elementor-size-lg\" href=\"\/ransomware\/\" target=\"_blank\">\n\t\t\t\t\t\t<span class=\"elementor-button-content-wrapper\">\n\t\t\t\t\t\t<span class=\"elementor-button-text\">GET STARTED TODAY!<\/span>\n\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Securin experts have observed Cl0p ransomware exploiting a total of 13 vulnerabilities. We deep dive into who they are, their methodology, and tactics.<\/p>\n","protected":false},"author":1,"featured_media":18738,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":""},"categories":[80,117],"tags":[89,688,142,91,149],"acf":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/posts\/18610"}],"collection":[{"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/comments?post=18610"}],"version-history":[{"count":66,"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/posts\/18610\/revisions"}],"predecessor-version":[{"id":18839,"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/posts\/18610\/revisions\/18839"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/media\/18738"}],"wp:attachment":[{"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/media?parent=18610"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/categories?post=18610"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/tags?post=18610"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}