DETECTO/ThreatDossier
DashboardPricingThreatsRun Free ScanSign In
DETECTO/ThreatDossier

Security intelligence for MSPs, consultants, and businesses. Find breached credentials, compliance gaps, and exposed infrastructure before attackers do.

Product

  • Scan a Domain
  • Pricing
  • Dashboard
  • Sign In

Resources

  • Threat Intelligence
  • Ransomware Groups

Legal

  • Privacy Policy
  • Terms of Service

© 2026 DETECTO. All rights reserved.

Threats/Groups/Cl0p

Cl0p

Active

clop

First seen: 2020-03-13T00:00:00+00:00Total victims: 1,254

The ransomware group known as Cl0p is a variant of a previously known strain dubbed CryptoMix. It is worth noting that this variant was delivered as the final payload in a phishing campaign in 2019 and was exclusively financially motivated, with attacks carried out by the threat actors TA505.<br> <br> At that time, malicious actors sent phishing emails that led to a macro-enabled document that would drop a loader called 'Get2.' After gaining an initial foothold in the system or infrastructure, the actors began using reconnaissance, lateral movement, and exfiltration techniques to prepare for the deployment of the ransomware.<br> <br> After the execution of the ransomware, Cl0p appends the extension '.clop' to the end of files, or other types of extensions such as '.CIIp, .Cllp, and .C_L_O_P,' as well as different versions of the ransom note that were also observed after encryption. Depending on the variant, any of the ransom text files were created with names like 'ClopReadMe.txt, README_README.txt, Cl0pReadMe.txt, and READ_ME_!!!.TXT.'<br> <br> The Clop operation has shifted from delivering its final payload via phishing and has begun initiating attacks using vulnerabilities that resulted in the exploitation and infection of victims' infrastructures.<BR>Source: https://github.com/crocodyli/ThreatActors-TTPs

0Total Victims
0Countries Targeted
0Sectors Targeted
0Avg Attacks/Month

Activity Timelinelast 24 months

Top Targeted Sectors

Top Targeted Countries

Recent Victimsshowing 50 of 1254

NameCountrySectorDate
INJURYLAWYERS.COMUSBusiness Services2026-05-01T18:19:36.481569+00:00
INTEGRALIFE.COMUSHealthcare2026-05-01T18:19:16.075583+00:00
AIGHEALTHCARE.ININHealthcare2026-03-30T07:59:47.092937+00:00
CLOUD.CLEARWAYGROUP.COM—Technology2026-03-30T07:58:56.663916+00:00
DAD.CO.THTHTechnology2026-02-14T10:55:58.163302+00:00
THEMORTGAGEFIRM.COMUSFinancial Services2026-02-14T10:55:21.878217+00:00
FISHWINDOWCLEANING.COMUSBusiness Services2026-02-14T10:54:45.654361+00:00
SOLUTIONSINSAFETY.COM—Business Services2026-02-14T10:54:09.499258+00:00
BOYDEN.COMUSBusiness Services2026-02-14T10:53:30.649260+00:00
CFDT.FRFRPublic Sector2026-02-14T10:52:54.020049+00:00
SPOHNASSOCIATES.COMUSTechnology2026-02-14T10:52:17.980381+00:00
GARNERGROUP.NET—Not Found2026-02-14T10:51:40.888817+00:00
THEPERPETUAL.COMUSTechnology2026-02-14T10:51:05.419369+00:00
AIGBUSINESS.COM—Financial Services2026-02-14T10:50:30.865171+00:00
HYDEPARKUMC.ORGUSEducation2026-02-14T10:49:54.969440+00:00
GIACARE.COMUSHealthcare2026-02-14T10:49:20.607509+00:00
GIASPACE.COMUSTechnology2026-02-14T10:48:45.544479+00:00
ONESUPPORT.COMUSTechnology2026-02-14T10:48:09.594250+00:00
HUDSONSUSTAINABLE.COMUSEnergy2026-02-14T10:47:31.906931+00:00
GOKALLIT.COM—Technology2026-02-14T10:46:55.448234+00:00
CHEHARDY.COMUSNot Found2026-02-14T10:46:18.699261+00:00
RBDCONSTRUCTION.COMUSConstruction2026-02-14T10:45:44.483880+00:00
BROADREACHRETAIL.COMUSConsumer Services2026-02-14T10:45:08.827784+00:00
BE09.FRFRNot Found2026-02-14T10:44:33.397357+00:00
SMITHIPSERVICES.COM—Business Services2026-02-14T10:43:59.280846+00:00
PROACTIVEMEDICAL.COMUSHealthcare2026-02-14T10:43:22.852924+00:00
ITARCHITECHS.COMUSTechnology2026-02-14T10:42:46.496954+00:00
HUDSONEXECUTIVE.COMUSFinancial Services2026-02-14T10:42:11.956342+00:00
ANSTECHINC.COMUSTechnology2026-02-14T10:41:34.408242+00:00
MNKASSOCIATES.COM—Not Found2026-02-07T21:14:06.719824+00:00
VIPPLLC.COM—Not Found2026-02-07T21:13:31.630405+00:00
TRJLTD.CO.UKUKNot Found2026-02-07T21:12:56.344297+00:00
STRATEGICOBJECTIVES.COMCABusiness Services2026-02-07T21:12:22.220121+00:00
IDEALWELDERS.COMCAManufacturing2026-02-07T21:11:44.642504+00:00
CROWDEDISLAND.COM—Not Found2026-02-07T21:11:08.025195+00:00
DUKOSI.COMGBTechnology2026-02-07T21:10:33.217938+00:00
CONWEST.COMCANot Found2026-02-07T21:09:55.346952+00:00
NGATTORNEYS.COM—Not Found2026-02-07T21:09:20.089291+00:00
LABINF.ITITTechnology2026-02-07T21:08:45.361753+00:00
AUGUSTEA.COMITTransportation/Logistics2026-02-07T21:08:09.024162+00:00
MEDIAWORLD.COM.HKHKTechnology2026-02-07T21:07:32.512119+00:00
WARDHAVENCAPITAL.COM—Financial Services2026-02-07T21:06:58.373814+00:00
LONGHORNORGANICS.COMUSAgriculture and Food Production2026-02-07T21:06:22.078039+00:00
DCSNORWAY.COMNONot Found2026-02-07T21:05:44.664396+00:00
SHACKELFORD.LAW—Business Services2026-02-07T21:05:09.949285+00:00
SERVE-CLOUD.COM—Technology2026-02-07T21:04:33.267392+00:00
MARK-FINN.CO.UKUKConstruction2026-02-07T21:03:57.264331+00:00
EMEG.CO.UKUKBusiness Services2026-02-07T21:03:19.725186+00:00
LOGICALMICRO.COMGBTechnology2026-02-07T21:02:30.590625+00:00
HODERO HOLDINGS LTDBMNot Found2026-02-07T21:01:55.604930+00:00

Data from ransomware.live