Clop ransomware was first observed in February 2019 in an attack campaign run by TA505. Since then, it has become one of the most used ransomware in the Ransomware-as-a-Service (RaaS) market until the arrest of suspected Clop members in June 2021. Clop ransomware group uses the double extortion method and extorted nearly $220,000 on average ransom payment from its victims in 2021 Q1. Healthcare is the most targeted industry by Clop ransomware.