Security researcher Vitali
The malicious code executes a small program, just before starting the encryption process, to disable security tools running on the infected systems that could detect its operations.
The malicious code also attempted to disable the Windows Defender by configuring the registry values associated with this defense feature.
“In order to successfully encrypt a victim’s data, the Clop CryptoMix Ransomware is now attempting to disable Windows Defender as well as remove the Microsoft Security Essentials and Malwarebytes’ standalone Anti-Ransomware programs.” reads the post published by BleepingComputer.
“Clop is a variant of the CryptoMix Ransomware, that uses the Clop extension and signs its CIopReadMe.txt ransom note with “Dont Worry C|0P”. Due to this, the ransomware has become known as Clop Ransomware”
Clop is a variant of the CryptoMix ransomware, Kremez noticed that it also attempts to disable Malwarebytes’ standalone Anti-Rasomware product.
In machines with Tamper Protection enabled in Windows 10, the registry values will be reset back to their default configuration, and Windows Defender will be enabled again.
The malicious code also targets older computers by uninstalling Microsoft Security Essentials.
“According to an internal source contacted by 76actu