top of page

Linux Systems Targeted By Notorious Ransomware Hacking Group

Published: April 01, 2023 on our newsletter Security Fraud News & Alerts Newsletter.

A well-known ransomware group is focusing its efforts on Linux systems, a noticeable departure from their previous attacks on Windows operating systems. It’s a sign the notorious Clop hacking group continues to grow its ransomware campaigns despite prior efforts to shut the group down.

Clop’s shift to Linux systems indicates the group sees a lucrative future with Linux as more organizations are moving their cloud-based operations to the platform. Businesses currently using or switching to Linux systems need to be aware of Clop’s new focus for its ransomware attacks and plan their cybersecurity defenses accordingly.

At the moment, a flaw in Clop’s data encryption process for the Linux ransomware is a setback for the group and a temporary reprieve for those targeted. The flaw allows victims to recover their encrypted data without paying a ransom for the decryption key. Experts believe Clop’s shortcomings with this ransomware’s new version are temporary, and the malware is currently seen as actively developing in the wild. As such, the Linux ransomware isn’t as devastating in its current form as it will be when completed.

Linux Systems: An Emerging Ransomware Target

It’s wise to assume Clop isn’t the only ransomware group looking to incorporate attacks against Linux systems. A SentinelOne researcher views the move by cybercriminals to include targeting Linux users as “Ransomware groups are constantly seeking new targets and methods to maximize their profits. Being widely used in enterprise environments, Linux and cloud devices offer a rich pool of potential victims…Therefore, ransomware groups targeting Linux and cloud systems is a natural progression in their quest for higher profits and easier targets…”

Experts say similar ransomware infection methods used against Windows systems, exploiting hijacked passwords, usernames, and phishing campaigns, are likely similar for Linux attacks. Organizations should back up their data and keep it separated from their operations environments and off the Internet, if possible. Always keep security patches and updates current, as they often fix vulnerabilities that enable ransomware and other malware attacks to succeed.

Clop Survives the Law

Two years ago, six members of Clop ransomware group were arrested after an Interpol international investigation and collaboration with law enforcement agencies in the United States and Republic of Korea came to fruition. It’s believed the ransomware group was behind nearly $500 million in paid ransoms at the time.

Clop’s current foray into Linux systems shows the group’s determination to live long and prosper, despite efforts to shut the group down.

Keep up to date: Sign up for our Fraud alerts and Updates newsletter

Want to schedule a conversation? Please email us at

3 views0 comments
bottom of page