Ukraine police arrest members of Cl0P ransomware gang

Investigators have struck the next blow against cybercriminals by arresting members of the Cl0P ransomware gang in Ukraine. The Cl0P ransomware gang was responsible for infections at the University of Maryland and Stanford University, among others. In various operations, ransomware payments worth two billion dollars were extorted from foreign companies.

The official website of the Police of Ukraine provides details of the operation; I received the info from security vendor Emsisoft. As part of a joint operation between the National Police of Ukraine and authorities from the Republic of Korea and the US, six individuals who attacked the servers of US and Korean companies with ransomware have been identified. The Cl0P ransomware gang demanded a "ransom" for the decryption of the data and threatened to publish the victims' documents, which had been taken from the systems before the attack, if they did not pay.

In 2019, three Korean companies were attacked with the Clop encryption Trojan. This resulted in 810 internal servers and personal computers of employees being blocked. The hackers sent emails containing a malicious file to the mailboxes of company employees. After an infected file was opened, the program successively downloaded further programs from the distribution server and proceeded to infect the victims' computers via the remote access tool "Flawed Ammyy RAT."

Remotely, they activated the "Cobalt Strike" malware, which provided information about the vulnerabilities of the compromised servers for further exploitation. For decrypting the information, the attackers received a "ransom" in cryptocurrency. In 2021, the attackers encrypted personal information of employees and financial reports of Stanford Medical School, the University of Maryland, and the University of California. Monetary damages from these ransomware attacks amount to $500 million.

Operators arrested

Law enforcement agencies have managed to shut down the infrastructure from which the virus was spread and to block the channels used to launder the criminally acquired cryptocurrency. The action of law enforcement agencies reportedly involved 21 searches in the Ukrainian capital and the Kiev region, including the homes of the defendants and their cars. The action resulted in the seizure of computer equipment, cars and 5 million hryvnia (US $184,679).


More information can be found on the official website of the Police of Ukraine, as well as in this The Hacker News article.
