The Cl0p Ransomware Gang's Attack on Aspen Technology

The Cl0p ransomware gang has attacked Aspen Technology. Aspen Technology, Inc., commonly known as AspenTech, is an American software company that provides solutions and services to the process industries. Founded in 1981 and based in Bedford, Massachusetts, AspenTech has become a leading software and digital solutions provider for engineering, manufacturing, and operations in various sectors, including oil and gas, chemicals, pharmaceuticals, energy, and other process-intensive industries.

Cl0p posted Aspen Technology to its data leak site on July 13th, claiming to have stolen 46GB of organizational data but provided no further information.

Cl0p: A Major Ransomware-as-Service Platform

Cl0p is a major Ransomware-as-service (RaaS) platform first observed in 2019. Cl0p is a dangerous ransomware family because it has advanced anti-analysis capabilities and anti-virtual machine analysis to prevent investigations in an emulated environment like those commonly used by security tools. Cl0p is one of just a handful of threat actors that have developed a Linux version.

While Linux has a tiny footprint in desktop computing, it runs ~80% of web servers and a substantial portion of embedded devices used in the healthcare field – and this means that Cl0p is likely actively recruiting new talent to help improve their platform and expand the scope of what and whom they can attack.