

Srsly Risky Biz: Clop is a big fish, but not worth hunting
Oct 9, 2025
Tom Uren, a policy and intelligence editor, dives into the intriguing tactics of the Clop ransomware gang. He explains how Clop’s strategy of mass exploitation yields significant profits while being the least harmful form of ransomware. Additionally, Tom discusses the importance of the U.S. government addressing foreign influence operations, providing insights into recent activities by adversarial states. His perspective on steering ransomware behaviors towards less damaging tactics is particularly thought-provoking.
AI Snips
Clop's Low-Disruption, High-Scale Playbook
- Clop pursues mass exploitation of enterprise edge devices to steal data rather than cause operational disruption.
- That approach yields large payouts while causing less systemic damage than disruptive encrypting ransomware.
Why Theft-Only Ransomware Is Less Harmful
- Clop shifted from locking systems to 'double extortion' and then to pure data theft and publication threats.
- Governments prefer this theft-focused model because it avoids severe operational and economic consequences from encryption-based attacks.
Prioritize The Most Destructive Actors
- Prioritize law enforcement action against the most destructive ransomware groups first.
- Arrests and long sentences for high-impact criminals act as targeted deterrence and shape the ransomware ecosystem.