Ukraine Police Arrested Clop Ransomware Gang And Disrupted Infrastructure

Members of the Clop ransomware gang arrested by the Ukrainian police in conjunction with Interpol and law enforcement from the US and South Korea.

With the help of the malicious program “Clop”, the defendants encrypted the data on the media of companies in the Republic of Korea and the United States. Later on, they demanded money to restore access.

How the Attack is Carried Out

According to the report, “The six defendants carried out attacks of malicious software such as “Ransomware” on the servers of American and Korean companies. For deciphering the data, they demanded a “ransom”, and in case of non-payment, they threatened to disclose the confidential data of the victims”.

The Ukrainian police revealed that it has arrested six people alleged to be part of the financial cybercrime gang FIN11, which is supposed to be at the back of many high-profile cyber-attacks.

These involve the attacks exploiting vulnerabilities in Accellion’s FTA product earlier this year, enabling it to access the system of aircraft manufacturer Bombardier.

John Hultquist, Vice President of analysis, Mandiant Threat Intelligence, outlined: “The Clop operation has been used to disrupt and extort organizations globally in a variety of sectors including telecommunications, pharmaceuticals, oil and gas, aerospace and technology”.

Similar attacks carried out during the year 2019, four Korean companies attacked the Clop encryption virus, as of which 810 internal servers and personal computers of employees were blocked.

In that case, hackers sent e-mails with malicious files to the mailboxes of company employees. The suspects activated malicious software “Cobalt Strike” that provided details about the vulnerabilities of infected servers for further capture. For decrypting the information, the attackers received a “ransom” in cryptocurrency.

Again in 2021, the suspects carried out an attack and encrypted personal data of employees and financial reports of Stanford University Medical School, the University of Maryland, and the University of California. It is said that the total damage reaches about $ 500 million.

Officials Disrupted the Infrastructure

The officers of Law enforcement managed to stop the infrastructure from which the virus is spreading and block the channels of legalization of the cryptocurrency obtained by criminal means.

The report says, the authorities conducted 21 searches in the capital and Kyiv region, in the homes of the defendants and their cars. The Tactical and Operational Response Unit of the Patrol Police was involved in the searches.

“Computer equipment, cars, and about 5 million hryvnias in cash were confiscated. The property of the perpetrators was seized”, according to the statement published.“The arrests made by Ukraine are a reminder that the country is a strong partner for the US in the fight against cybercrime, and authorities there are making the effort to deny criminals a safe harbor”, says John Hultquist.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.