Six things to know about the ransomware group, according to HHS:
- Clop operates under a ransomware-as-a-service model.
- The group typically targets organizations with an annual revenue of $5 million or higher.
- Clop is known to be the successor of CryptoMix ransomware, which is believed to have been developed in Russia.
- The group has been infecting files that are disguised to look like medical documents, submitting them to facilities, and then requesting a medical appointment in hopes of the documents being opened and reviewed.
- Clop is using this tactic after the group faced difficulties getting victims to pay out on a ransom.
- HHS said healthcare organizations should remain vigilant and continue to defend against common attack vectors such as known vulnerabilities, credential abuse and phishing.
