Live Latest activity →
CL

clop

Known ransomware group

Also known as: Cl0p, TA505

Dormant / low-volume

Clop (Cl0p) is a long-running cybercrime operation infamous for mass-exploitation campaigns against managed file-transfer software, including the MOVEit, GoAnywhere, and Accellion FTA zero-days. Linked to the FIN11/TA505 ecosystem, it has shifted toward pure data-theft extortion at enormous scale.

2

Total Claims

1

Critical

Records Claimed

2

Industries Hit

Active span: May 1, 2026 – May 1, 2026 · 2 organizations targeted

Dormant / low-volume
Activity 3.0 Severity 6.3 Sectors 3.7 Tooling 6.2

Actor Threat Profile

Activity Timeline

Peak: May 2026 (2)
May 2026
LessMore
May 2026

Share this profile

Shareable intel card for clop

Top Targeted Industries

Healthcare 1
Business Services 1

Tradecraft & Infrastructure

0

Documented tools

11 / 31

MITRE tactics / techniques

3

Known leak sites

Full intelligence profile on ransomware.live →

Targeted Organizations

INTEGRALIFE.COMINJURYLAWYERS.COM

Claims by clop

Critical

Ransomware Claim: INTEGRALIFE.COM

INTEGRALIFE.COM
clop
Ransomware Healthcare
May 2, 2026
Low

Ransomware Claim: INJURYLAWYERS.COM

INJURYLAWYERS.COM
clop
Ransomware Business Services
May 2, 2026

Never Miss a Critical Alert

CVE advisories, breach reports, and threat intel — delivered daily to your inbox.