Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

CLOP Ransomware Information

    • Updated:
    • 7 Jan 2020
    • Product/Version:
    • Apex One 2019
    • Deep Discovery Email Inspector 3.5
    • Deep Security 12.0
    • InterScan Messaging Security Suite 9.1
    • OfficeScan XG
    • Worry-Free Business Security Advanced 10.0
    • Worry-Free Business Security Standard 10.0
    • Platform:

RANSOM is the Trend Micro detection for most ransomware. Most ransomware are known to restrict the user from fully accessing the system. It also encrypts files and demands a ransom to be paid in order to decrypt or unlock the infected machine.

Ransomware infects computers through various means. Most of ransomware come as a macro or JavaScript attachment in spammed email. Some are delivered as a link, also in spammed email. Others are delivered by exploit kits. Some others are delivered via malvertisements or compromised websites.

To prevent ransomware, users should use protection that also covers against spam and malicious links. Also, make sure to regularly create backup copies of all important files.

This Trojan arrives as an attachment to email messages spammed by other malware/grayware or malicious users. It may be unknowingly downloaded by a user while visiting malicious websites. It may arrive using one or multiple arrival methods.


  • Resides in memory
  • Created mutex
  • Created multiple copies of a file
  • Process Termination


  • Backdoor commands


  • Compromise system security - with backdoor capabilities that can execute malicious commands

Infection Routine


Click image to enlarge.


File Reputation

Detection/Policy/RulesPattern Branch/VersionRelease Date
BKDR_CLOP.A5.883.00April 7, 2009
BKDR_CLOP.WA6.893.00March 4, 2010
BKDR_CLOP.WC6.875.00February 25, 2010
Ransom.Win32.CLOP.D14.831.00February 22, 2019
Ransom.Win32.CLOP.D14.831.00February 22, 2019
Ransom.Win32.CLOP.F14.847.00March 2, 2019 
Ransom.Win32.CLOP.F.note14.847.00March 2, 2019 
Ransom.Win32.CLOP.M15.275.00August 3, 2019
Ransom.Win32.CLOP.THBAAAI14.807.00February 11, 2019
Trojan.BAT.CLOP.A14.857.00March 7, 2019 
Trojan.BAT.CLOP.A.component14.831.00February 22, 2019
Trojan.Win32.CLOP.A.note15.275.00August 3, 2019

Behavior Monitoring

Pattern Branch/VersionRelease Date

Predictive Machine Learning

DetectionPattern Branch/Version

Web Reputation

Detection/Policy/RulesPattern Branch/Version
URL ProtectionIn-the-cloud

Solution Map - What should customers do?

ProductLatest VersionVirus PatternAntispam PatternNetwork PatternBehavior MonitoringPredictive Machine LearningWeb Reputation
Apex One2019Update Pattern via
web console
N/AN/AEnable Behavior Monitoring and
update pattern via
web console
Enable Predictive Machine LearningEnable Web Reputation Service and
update pattern via
web console
Worry-Free Business SecurityStandard (10.0)
Advanced (10.0)
Deep Security12.0Update pattern via
web console
Deep Discovery Email Inspector3.5Update pattern via
web console
Update pattern via
web console
InterScan Messaging Security9.1
InterScan Web Security6.5
ScanMail for Exchange14.0
Deep Discovery Inspector5.5N/A


Make sure to always use the latest pattern available to detect the old and new variants of CLOP malware.

Threat Report

Threat Encyclopedia: CLOP (search)


Narrowed Sights, Bigger Payoffs: Ransomware in 2019

Remove a Malware / Virus
Solution Id:
Did this article help you?

Thank you for your feedback!

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.