Clop ransomware group has reportedly been infecting files that look like medical documents and subsequently requesting medical appointments in hopes of getting victims to open the malicious files, HHS warned in a Jan. 4 analyst note.
Six things to know about the ransomware group, according to HHS:
- Clop operates under a ransomware-as-a-service model.
- The group typically targets organizations with an annual revenue of $5 million or higher.
- Clop is known to be the successor of CryptoMix ransomware, which is believed to have been developed in Russia.
- The group has been infecting files that are disguised to look like medical documents, submitting them to facilities, and then requesting a medical appointment in hopes of the documents being opened and reviewed.
- Clop is using this tactic after the group faced difficulties getting victims to pay out on a ransom.
- HHS said healthcare organizations should remain vigilant and continue to defend against common attack vectors such as known vulnerabilities, credential abuse and phishing.