6 suspected Clop ransomware gang members arrested in Ukraine


The Clop ransomware gang has potentially taken a major blow, as six alleged members were arrested by Ukrainian Police in a joint law enforcement operation between Ukraine, the United States and South Korea.

Ukraine’s National Police said in a press release Wednesday that it and the Ukrainian Cyberpolice conducted the local investigation via 21 searches of Clop suspects’ residences and cars in both Kyiv and nearby areas. According to the press release, cars, computer equipment and a total of approximately 5 million hryvnias (about $185,000) were seized from suspects.

Clop (also known as Cl0p), which has been active since early 2019, has extorted hundreds of millions of dollars from organizations and individuals since its inception. The Eastern European gang utilizes the now-standard name-and-shame tactics of modern ransomware: it encrypts the user’s files and threatens to publish victim data on the gang’s leak site. Clop’s leak site was launched in March 2020, about a year after its earliest known attack.

The Clop law enforcement operation was conducted in collaboration with South Korean and U.S. police.

Two of the largest attacks the group has been tied to are a ransomware attack against German enterprise software vendor Software AG and the breach of cloud service vendor Accellion.

The gang is accused in the press release of attacking four Korean companies in 2019, encrypting 810 internal servers and employee personal computers in the process. Clop is also accused of attacking Stanford University’s School of Medicine, the University of Maryland and the University of California with ransomware.

SearchSecurity asked Ukraine’s National Police and Cyberpolice for clarification on this second accusation, as a ransomware attack on the universities conducted by Clop had not been previously reported. In addition, the University of Maryland and Stanford both attributed the breaches to Accellion. Neither agency responded to SearchSecurity’s emails.

The arrests were seemingly not a complete takedown of the gang, as Clop’s ransomware leak site remains online. However, the current scope of damage done to Clop’s operations is unknown.

Alexander Culafi is a writer, journalist and podcaster based in Boston.
