The Cl0p ransomware operation has attacked 21 new organizations in April, making it the fourth most active ransomware gang last month, after months of dormancy, according to BleepingComputer. Industrial and tech organizations accounted for 45% and 27% of Cl0p ransomware attacks, respectively, according to a report from NCC Group. "There were notable fluctuations in threat actor targeting in April. While Lockbit 2.0 (103 victims) and Conti (45 victims) remain the most prolific threat actors, victims of Cl0p increased massively, from 1 to 21," said NCC Group. However, the report noted the relative inactivity of Cl0p based on ID Ransomware service submissions, prompting suspicions that Cl0p's disclosure of new victims is part of a shutdown process, similar to what has been observed amid the ongoing shutdown of the Conti ransomware operation. Cl0p, which had been involved in the widespread Accellion data breaches, had its infrastructure taken down by an Interpol-coordinated law enforcement operation last June.