clop attacks KSS Enterprises

Incident Date:

April 24, 2022

World map



clop attacks KSS Enterprises


KSS Enterprises




kalamazoo, USA

michigan, USA

First Reported

April 24, 2022

KSS Enterprises Suffers Ransomware Attack by Clop Group

KSS Enterprises, a prominent business services company with a rich history spanning over 75 years, recently fell victim to a ransomware attack orchestrated by the Clop group. This incident was disclosed on the group's dark web leak site, underscoring the persistent threat posed by cybercriminals to businesses across sectors.

Company Background and Attack Details

Operating within the Business Services sector, KSS Enterprises has earned a reputation for excellence, being named one of West Michigan's Best and Brightest Companies to Work For® for more than a decade. The company boasts 11 public showrooms and 7 distribution centers, offering a wide range of over 4,800 SKUs, including custodial supplies and packaging solutions, alongside education and training services.

Despite its success and recognition, KSS Enterprises was not immune to the nefarious activities of the Clop ransomware group. Clop, notorious for its 'double extortion' technique, not only encrypts the victim's data but also exfiltrates and threatens to publish it unless a ransom is paid. This method has been a hallmark of the group since its emergence in 2019, with ties to TA505, a globally recognized phishing and malspam distributor.

Implications and Preventative Measures

The breach of KSS Enterprises' cybersecurity defenses serves as a stark reminder of the importance of maintaining stringent security protocols. Businesses, regardless of size or industry, must prioritize the implementation of advanced cybersecurity measures. This includes the regular updating of antivirus software, the integration of endpoint detection and response (EDR) tools, and the assurance of real-time detection capabilities for all security software.

For further information on enhancing cybersecurity defenses and response strategies, businesses are encouraged to consult resources such as the Cybersecurity & Infrastructure Security Agency (CISA) advisories.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.