VERY IMPORTANT

SentinelLabs has observed the first Linux variant of Cl0p ransomware. The ELF executable contains a flawed encryption algorithm making it possible to decrypt locked files without paying the ransom. SentinelLabs has published a free decryptor for this variant here. SentinelLabs observed the first ELF variant of Cl0p (also known as Clop) ransomware variant targeting Linux systems on the 26th of December 2022. The new variant is similar to the Windows variant, using the same encryption method and similar process logic.