Clop ransomware gang targets SysAid server bug

Clop, a ransomware group, exploited a zero-day vulnerability to attack SysAid servers. SysAid became aware of the issue on November 2nd and issued a patch on November 8th. Microsoft, who first alerted SysAid, warned companies using SysAid to apply the patch and look for signs of exploitation. Clop’s exploitation involved uploading a file which gave them system access, control, and allowed them to erase evidence of their activity.