Clop ransomware flaw allowed Linux victims to recover files for months
2023-02-07 11:00

The Clop ransomware gang is now also using a malware variant that explicitly targets Linux servers, but a flaw in the encryption scheme has allowed victims to quietly recover their files for free for months.

Clop's Linux malware is in early development: it is still missing proper obfuscation and evasion mechanisms, and it is plagued by flaws that make it possible for victims to retrieve their files without paying the crooks any money.

The Linux executable of Clop ransomware creates a new process upon launch, which attempts to elevate permissions to a level that would allow data encryption.

Clop ransomware for Linux is unlikely to become a widespread threat in its current form.

SentinelLabs told BleepingComputer that they had shared their decryptor with law enforcement, so they could help victims recover their files.

Despite its weaknesses, the use of the Linux variant in actual Clop attacks demonstrates that, for the threat actors, having a Linux version, even one that's easy to compromise, is still preferable to not being able to attack Linux systems within the target organizations.


News URL

https://www.bleepingcomputer.com/news/security/clop-ransomware-flaw-allowed-linux-victims-to-recover-files-for-months/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Linux 11 64 2572 1587 67 4290