Clop Ransomware Now Terminates 663 Processes Before Encrypting Your Files

(Image credit: Shutterstock)

The Clop ransomware has been around since last February, but it's recently evolved into a more advanced and effective piece of software, with Bleeping Computer reporting that it now terminates up to 663 processes before encrypting any files.

Clop terminates processes to prevent a target system from accessing certain files. Disabling more processes means the ransomware can encrypt more files, which should make people even more desperate to pay up so they can regain access to their systems. (Assuming the ransomware operators actually unlock those files.)

Some of the affected processes include Microsoft Office applications, WinRAR, notepad and notepad++, calculator, Adobe Acrobat and far more. In November, Clop was coded to  attempt to disable Windows Defender wherever possible, too. Disabling those processes should allow Clop to encrypt many popular file types.

Just after its debut in February, Clop evolved to attack not only individual systems, but also bigger computer infrastructures. Last month this led to a successful attack on the computer system at the University of Maastricht in the Netherlands, which is still recovering from the attack. The attack disabled almost all Windows systems, and the university is investigating whether the attackers  gained access to any of its scientific data. Russian hacker group TA505 is suspected to be behind the attack.

The best way to defend against Clop--as well as other forms of ransomware--is to run regular backups on external hard drives that aren't used while connected to the internet. Making sure a system's operating system and apps are kept up-to-date should also help to keep it safe from known threats like Clop.

Niels Broekhuijsen

Niels Broekhuijsen is a Contributing Writer for Tom's Hardware US. He reviews cases, water cooling and pc builds.