Windows Defender and Malwarebytes are disabled by Clop Ransomware

A new malware dubbed Clop ransomware has been discovered by security researcher Vitali Kremez. The malware targets Windows systems and attempts to disable security products running on the infected systems. Before starting the encryption process, the malicious code executes a small program whose purpose is to disable security tools that could detect its operations. It also attempts to disable Windows Defender by configuring the registry values associated with this defense feature.

The researchers have made it clear that if Windows 10 has Tamper Protection enabled, these settings are automatically reset to their default configuration and Windows Defender will not be disabled. The malware is also clearly targeting older systems by uninstalling Microsoft Security Essentials. As CryptoMix is run with administrator privileges by the attackers, the uninstall command will remove the software without a problem.
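As an added example (not part of the original report), the following Python code shows how a defender could flag the registry-based disabling described above in Sysmon registry value-set events (Event ID 13). The value names are the documented Microsoft Defender policy settings, assumed here because the article does not list which values Clop writes; the sample events and process paths are constructed.

```python
import re

# Assumption: the article does not name the values Clop writes. These are the
# documented Group Policy-backed Defender settings that turn protection off at 1.
POLICY_ROOT = r"hklm\software\policies\microsoft\windows defender"
WATCHED = {
    "disableantispyware",
    "disablerealtimemonitoring",
    "disablebehaviormonitoring",
    "disableonaccessprotection",
    "disablescanonrealtimeenable",
}
DWORD = re.compile(r"DWORD \(0x([0-9a-fA-F]{8})\)")  # Sysmon "Details" format


def defender_tamper_alerts(events):
    """Return (time, process, value) for events that set a watched value to 1."""
    alerts = []
    for ev in events:
        if ev.get("EventID") != 13:  # only registry value-set events
            continue
        target = ev.get("TargetObject", "").lower()
        if not target.startswith(POLICY_ROOT + "\\"):
            continue
        value_name = target.rsplit("\\", 1)[1]
        m = DWORD.fullmatch(ev.get("Details", ""))
        if value_name in WATCHED and m and int(m.group(1), 16) == 1:
            alerts.append((ev["UtcTime"], ev["Image"], value_name))
    return alerts


# Constructed sample events, not captured from a real infection.
K = r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender"
EXE = r"C:\Users\Public\constructed_sample.exe"
SAMPLE_EVENTS = [
    {"EventID": 13, "UtcTime": "2019-11-20 10:00:01", "Image": EXE,
     "TargetObject": K + r"\DisableAntiSpyware", "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "UtcTime": "2019-11-20 10:00:02", "Image": EXE,
     "TargetObject": K + r"\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "UtcTime": "2019-11-20 10:05:00", "Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": K + r"\DisableAntiSpyware", "Details": "DWORD (0x00000000)"},
    {"EventID": 12, "UtcTime": "2019-11-20 10:06:00", "Image": EXE,
     "TargetObject": K + r"\DisableAntiSpyware", "Details": ""},
]

if __name__ == "__main__":
    for alert in defender_tamper_alerts(SAMPLE_EVENTS):
        print("ALERT", *alert)
```

On Windows 10 hosts with Tamper Protection enabled the settings are reset as described above, so an alert there still records an attempt worth investigating.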

Security professionals have also organized many security awareness training programs to help potential victims defend against Clop ransomware. Such training helps organizations strengthen their digital defenses against phishing campaigns and other common delivery vectors for ransomware. A backup strategy and other security measures are also advised to defend against the malware.