A ransomware gang in Ukraine, Cl0p, has been arrested by authorities on Wednesday, June 16. After a joint operation from law enforcement agencies, multiple suspects have been detained in South Korea, Ukraine, and the United States.
Ransomware Gang Arrested
The Cyber Police Department of the National Police of Ukraine confirmed that there were six arrested made after they searched over 21 residences in Kyiv and nearby areas.
While it is not clear whether the defendants are affiliates or core developers of the ransomware operation, they are accused of running a double extortion scheme, threatening victims who refused to pay to leak the stolen data ere stolen.
Ukraine's police force said in a statement that the six defendants carried out attacks of malicious software on the servers of American and South Korean companies.
This includes several cars and computer equipment. In addition, police claim to have shut down the server infrastructure that the gang members used to launch attacks.
The attacks started in February 2019, when the group attacked four South Korean companies and encrypted 810 internal services and personal computers.
The Cl0p gang has been linked to numerous high-profile ransomware attacks, including the breach of U.S. pharmaceutical company ExecuPharm in April 2020 and an attack on the South Korean e-commerce company E-Land in November 2020.
Clop gang is also connected to the ransomware attack at Accellion. The hackers exploit flaws in the I.T. provider's File Transfer Appliance or FTA software to steal data from the customers, according to Tech Crunch.
The victims of this breach include Jones Day law firm, Singaporean telecom company Singtel, grocery store chain Kroger, and the cybersecurity firm Qualys.
The dark web portal that the gang uses to share stolen data is still running, but it has not been updated for weeks, according to Financial Times.
However, law enforcement usually replaces the targets' websites with their logo in the event of a successful takedown, which suggests that the gang members are still active.
John Hultquist, the vice president of analysis at Mandiant's threat intelligence unit, said that the Clop operation had been used to disrupt and extort organizations worldwide in various sectors, including pharmaceuticals, telecommunications, oil, and gas, technology, and aerospace.
Hultquist added that the actor FIN11 had been associated with the operation, including ransomware and extortion. Still, it is not clear if the arrests included FIN11 actors or others who may also be linked with the operation.
Hultquist noted that the efforts of the Ukrainian police show that the country has a strong partnership with the U.S. in the fight against cybercrime.
The six suspects face up to eight years in prison on charges of unauthorized interference in the work of computers, computer networks, automated systems, or telecommunications networks and laundering property obtained by criminal means.
This article is owned by Tech Times
Written by Sophie Webster