Ukraine Police Arrested Clop Ransomware Gang And Disrupted Infrastructure

Members of the Clop ransomware gang were arrested by the Ukrainian police in conjunction with Interpol and law enforcement from the US and South Korea.

With the help of the malicious program “Clop”, the defendants encrypted the data on the media of companies in the Republic of Korea and the United States. Later on, they demanded money to restore access.

How the Attack is Carried Out

According to the report, “The six defendants carried out attacks of malicious software such as ‘Ransomware’ on the servers of American and Korean companies. For deciphering the data, they demanded a ‘ransom’, and in case of non-payment, they threatened to disclose the confidential data of the victims.”

The Ukrainian police revealed that they have arrested six people alleged to be part of the financial cybercrime gang FIN11, which is believed to be behind many high-profile cyberattacks.

These include the attacks that exploited vulnerabilities in Accellion’s FTA product earlier this year, which enabled the group to access the system of aircraft manufacturer Bombardier.

John Hultquist, Vice President of analysis, Mandiant Threat Intelligence, outlined: “The Clop operation has been used to disrupt and extort organizations globally in a variety of sectors including telecommunications, pharmaceuticals, oil and gas, aerospace and technology”.

Similar attacks were carried out in 2019, when four Korean companies were attacked with the Clop encryption virus, as a result of which 810 internal servers and employees' personal computers were blocked.

In that case, the hackers sent e-mails with malicious files to the mailboxes of company employees. The suspects activated the malicious software “Cobalt Strike”, which provided details about the vulnerabilities of infected servers for further capture. For decrypting the information, the attackers received a “ransom” in cryptocurrency.

Again in 2021, the suspects carried out an attack and encrypted the personal data of employees and the financial reports of Stanford University Medical School, the University of Maryland, and the University of California. It is said that the total damage reaches about $500 million.

Officials Disrupted the Infrastructure

Law enforcement officers managed to shut down the infrastructure from which the virus was spread and to block the channels for legalizing cryptocurrency obtained by criminal means.

According to the report, the authorities conducted 21 searches in the capital and the Kyiv region, in the defendants' homes and cars. The Tactical and Operational Response Unit of the Patrol Police was involved in the searches.

“Computer equipment, cars, and about 5 million hryvnias in cash were confiscated. The property of the perpetrators was seized”, according to the published statement.

“The arrests made by Ukraine are a reminder that the country is a strong partner for the US in the fight against cybercrime, and authorities there are making the effort to deny criminals a safe harbor”, says John Hultquist.

Gurubaran is a Security Consultant, Security Editor & Co-Founder of Cyber Security News & GBHackers On Security.
