Several members of the Clop ransomware group arrested in Ukraine

A joint police operation involving Ukrainian, Korean and American police forces today resulted in the arrest of six people suspected of being behind the Clop ransomware. The police have not specified what role those arrested played in the group. The Ukrainian authorities have released a video showing the various arrests and seizures made as part of this operation.

The group behind the Clop ransomware is known for its involvement in numerous attacks since the beginning of 2019. ANSSI had identified this actor and published a report about it in 2019. A variant of the Clop ransomware is suspected of having been used in the attack targeting the Rouen University Hospital in November of the same year. “In 2021, the defendants attacked and encrypted employee personal data and financial reports from Stanford University Medical School, the University of Maryland and the University of California,” the Ukrainian police statement said.

According to Bleeping Computer, the group was also involved in several incidents related to the exploitation of flaws in the Accellion File Transfer Appliance. In these cases, the members of the group were not seeking to encrypt the data but simply to steal it, demanding a ransom in exchange for not publishing the data on the group's site. According to Ukrainian police, the damage caused by the group is estimated at 500 million dollars.

The end of Clop?

The group has since specialized in high-profile targets and, like other groups of the same kind, practiced double extortion: encrypting the target's computer systems while also stealing information, in order to force the victim to pay the ransom. The investigation that led to the arrests nonetheless originated in South Korea, according to The Record: in 2019, four Korean companies were victims of ransomware, which encrypted their systems before demanding payment of a ransom in exchange for the decryption key. A new Korean victim in 2020 reportedly accelerated the investigations, according to a source close to the case cited by The Record.

Ukrainian police say the suspects face sentences of up to 8 years in prison if found guilty. They add that they have seized the group's IT infrastructure, although the site used by the Clop group to distribute the data stolen from its victims is still online today.
