Security researcher Vitali
The malicious code executes a small program, just before starting the encryption process, to disable security tools running on the infected systems that could detect its operations.
The malicious code also attempted to disable the Windows Defender by configuring the registry values associated with this defense feature.
“In order to successfully encrypt a victim’s data, the Clop CryptoMix Ransomware is now attempting to disable Windows Defender as well as remove the Microsoft Security Essentials and Malwarebytes’ standalone Anti-Ransomware programs.” reads the post published by BleepingComputer.
“Clop is a variant of the CryptoMix Ransomware, that uses the Clop extension and signs its CIopReadMe.txt ransom note with “Dont Worry C|0P”. Due to this, the ransomware has become known as Clop Ransomware”
Clop is a variant of the CryptoMix ransomware, Kremez noticed that it also attempts to disable Malwarebytes’ standalone Anti-Rasomware product.
In machines with Tamper Protection enabled in Windows 10, the registry values will be reset back to their default configuration, and Windows Defender will be enabled again.
The malicious code also targets older computers by uninstalling Microsoft Security Essentials.
“According to an internal source contacted by 76actu
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.