
Clop Ransomware Tries to Remove Malwarebytes


sman


Clop Ransomware Tries to Remove Malwarebytes, Native Security Tools From Infected PCs

"https://securityintelligence.com/news/clop-ransomware-tries-to-remove-malwarebytes-native-security-tools-from-infected-pcs/"

The newly discovered Clop ransomware attempts to remove Malwarebytes and other native security tools from the Windows machines it infects.

According to Bleeping Computer, security researcher and reverse engineer Vitali Kremez found that Clop ransomware ran a small program before initiating its encryption routine on an infected Windows machine. The purpose of the program was to disable numerous security tools running on the computer so that it could effectively encrypt a victim’s data.

For instance, the threat attempted to disable Windows Defender by configuring the Registry values so as to disable behavior monitoring, real-time protection and other security processes. These settings would return to normal if victims had Tamper Protection in Windows 10, however.

Clop, a variant of the CryptoMix ransomware family, also attempted to disable Malwarebytes’ standalone Anti-Ransomware product, which is now retired, using a command that sought to prevent the tool from restarting.

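The Defender registry changes described in the article quoted above can be caught from registry-write telemetry. The following is an added example, not part of the original posts or the article: it flags writes that switch on Microsoft Defender "Disable*" policy values, reading events that use Sysmon Event ID 13 field names. The watched value names are the documented Defender policy settings and are an assumption here, since the article does not list the exact values Clop set.

```python
import re

# Documented Microsoft Defender policy values; the page does not list the exact
# values Clop set, so this watch list is an assumption of the example.
DEFENDER_POLICY = r"\software\policies\microsoft\windows defender"
WATCHED = {
    "disableantispyware",
    "disablebehaviormonitoring",
    "disableonaccessprotection",
    "disablerealtimemonitoring",
    "disablescanonrealtimeenable",
}
DWORD = re.compile(r"DWORD \(0x([0-9a-fA-F]{8})\)")

def is_defender_tamper(event):
    """True when a registry SetValue event turns a watched Defender policy on."""
    if event.get("EventType") != "SetValue":
        return False
    key, _, value = event.get("TargetObject", "").lower().rpartition("\\")
    if DEFENDER_POLICY not in key or value not in WATCHED:
        return False
    m = DWORD.fullmatch(event.get("Details", ""))
    return bool(m) and int(m.group(1), 16) != 0  # 0 re-enables the protection

def find_tampering(events):
    """Group offending value names by the process image that wrote them."""
    hits = {}
    for ev in events:
        if is_defender_tamper(ev):
            name = ev["TargetObject"].rpartition("\\")[2]
            hits.setdefault(ev.get("Image", "?"), []).append(name)
    return hits

# Constructed sample events (Sysmon Event ID 13 field names), not real telemetry.
RT = r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection"
SAMPLE = [
    {"EventType": "SetValue", "Image": r"C:\Users\Public\sample.exe",
     "TargetObject": RT + r"\DisableBehaviorMonitoring", "Details": "DWORD (0x00000001)"},
    {"EventType": "SetValue", "Image": r"C:\Users\Public\sample.exe",
     "TargetObject": RT + r"\DisableRealtimeMonitoring", "Details": "DWORD (0x00000001)"},
    {"EventType": "SetValue", "Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": RT + r"\DisableRealtimeMonitoring", "Details": "DWORD (0x00000000)"},
    {"EventType": "SetValue", "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-0\Software\Example\Setting", "Details": "DWORD (0x00000001)"},
]

if __name__ == "__main__":
    for image, values in find_tampering(SAMPLE).items():
        print(f"ALERT {image} disabled Defender settings: {', '.join(values)}")
```

Several such writes from one process in a short window are a stronger signal than a single change, which is why the results are grouped by writing image.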

  • 1 month later...

Greetings,

Yes, it should; however, nothing is guaranteed, obviously, since any threat (including a particular variant/family of ransomware as well as the exploits and other methods used to distribute/install it) can and often does change frequently. However, with the multiple layers of defense in Malwarebytes Premium, your odds should be good against this and other threats of this type.

Additionally, while the article references the standalone Malwarebytes Anti-Ransomware as being targeted by this threat, it is highly doubtful that it would succeed in removing and/or disabling Malwarebytes Premium thanks to the self-protection and other defensive measures included with Malwarebytes Premium (and that is assuming that the threat is even able to bypass detection or blocking by any of Malwarebytes protection components and successfully installs and loads into memory on the system to attempt to do so).
