Pentera adds Cl0p ransomware testing for Windows & Linux
Pentera has introduced Cl0p ransomware testing to its platform, allowing organisations to assess their defences against this strain on both Windows and Linux systems.
The new capability enables security teams to validate their ability to prevent, detect, and respond to attacks that replicate tactics used by the Cl0p group. This addition follows previous support for testing against ransomware families such as Lockbit 3.0, Maze, REvil, and Conti.
Cl0p has remained highly active in 2025, with analysts reporting that it was responsible for 19% of global ransomware attacks in the first quarter of the year, and that 83% of victims were located in North America. The group is recognised for exploiting zero-day vulnerabilities to penetrate enterprise environments and exfiltrate sensitive data for use in extortion campaigns.
The platform's approach to ransomware testing involves simulating each step of the attack cycle - known as the kill chain - including infiltration, privilege escalation, lateral movement, data extraction, and encryption activities. This approach is designed to be safe for use in production environments, ensuring that organisations can evaluate their security postures without risking operational disruption.
Ran Tamir, Chief Product Officer at Pentera, commented on the importance of this new capability for security leaders seeking to validate their defences.
"CISOs are under pressure to prove the ransomware readiness of their organizations, but most still have no safe or practical way to do it," said Ran Tamir, Chief Product Officer at Pentera. "With the addition of Cl0p to Pentera's growing suite of ransomware campaign coverage, security teams can validate their resilience against one of the most dangerous ransomware groups. Security teams gain a clear and actionable view of their security posture against ransomware - What defenses and policies are working, and where can threat actors exploit gaps in their security."
Pentera's RansomwareReady platform is built to simulate the tactics, techniques, and procedures (TTPs) used in real-world ransomware attacks, leveraging the indicators of compromise (IOCs) of those attacks to assess detection and alert systems. The platform includes step-by-step remediation guidance to help organisations address and close security gaps that are discovered during testing exercises.
The company noted that its platform now covers ransomware campaign scenarios across both major operating systems, reflecting the tendency of threat groups such as Cl0p to pursue cross-platform capabilities as part of their evolving modus operandi. By running these tests, security teams can review the effectiveness of their endpoint protection measures, security operations centre processes, segmentation strategies, and incident response plans under realistic threat conditions.
The platform is designed to operate without jeopardising production resources, using a safe-by-design methodology that enables organisations to replicate the full ransomware attack lifecycle in a controlled manner. This allows defenders to observe how their existing tools and processes respond to each phase of a simulated ransomware incident, from initial access to data encryption attempts.
According to Pentera, these proactive security validation measures are integral to Continuous Threat Exposure Management (CTEM), enabling businesses to identify points of vulnerability and prioritise remediation efforts to lower overall risk.
The company's addition of Cl0p ransomware tests forms part of its ongoing expansion of threat coverage, aimed at equipping security professionals with the tools needed to validate controls against the latest cybercriminal methodologies observed in the wild.