Ukrainian law enforcement officials on Wednesday announced the arrest of the Clop ransomware gang, adding it disrupted the infrastructure employed in attacks targeting victims worldwide since at least 2019.
As part of a joint operation between the National Police of Ukraine and authorities from the Republic of Korea and the U.S., six defendants have been accused of running a double extortion scheme wherein victims refusing to pay a ransom were threatened with the leak of sensitive financial, customer, or personal data stolen from them prior to encrypting the files.
The ransomware attacks amount to $500 million in monetary damages, the National Police said, noting that “law enforcement has managed to shut down the infrastructure from which the virus spreads and block channels for legalizing criminally acquired cryptocurrencies.”
Law enforcement officers are said to have conducted 21 searches in the Ukrainian capital and Kyiv region, including the homes of the defendants and their cars, resulting in the seizure of computer equipment, cars, and 5 million hryvnias ($184,679).
https://www.youtube.com/watch?v=PqGaZgepNTE
The alleged perpetrators face up to eight years in prison on charges of unauthorized interference in the work of computers, automated systems, computer networks or telecommunications networks. It’s, however, not clear if the arrested individuals are affiliates or core developers of the ransomware operation.
Since emerging on the scene in 2019, the Clop threat actor has been linked to a number of high-profile attacks as that of Accellion, Qualys, Software AG IT, ExecuPharm, Indiabulls, as well as a number of universities like Maastricht University, Stanford University Medical School, University of Maryland, and University of California.
The development comes as another ransomware group by the name of Avaddon shuttered operations and handed over the decryption keys associated with 2,934 victims to Bleeping Computer last week, likely in response to heightened scrutiny by law enforcement and governments worldwide after a spate of attacks against critical infrastructure.
Leave a Reply