Ukrainian police have arrested six people allegedly linked to the infamous CLOP ransomware gang. The police reached the suspects after nearly two dozen raids across different parts of the country. When the news broke, it was welcomed globally, especially in South Korea and the US. Investigators established that the six defendants carried out attacks, including ransomware deployments, on the servers of both Korean and American companies. They demanded ransom for the decryption of data and threatened to publish the victims' confidential data in case of non-payment.
The Quantum of Damage Caused by CLOP Ransomware Group
A statement issued by the Ukrainian cyber police says that the CLOP ransomware group has inflicted nearly $500 million worth of damage on organizations by infecting them with ransomware.
The Method of Conducting Cyberattacks
The hacking group reportedly used the penetration testing tool Cobalt Strike to conduct its attacks. Cobalt Strike is a legitimate red-team tool that has become popular among criminal hackers for compromising organizations. The police statement confirms that the suspects launched Cobalt Strike over remote access, and that the software then gave them information about weaknesses in the infected servers that they used to extend their foothold. The statement further adds that the CLOP ransomware gang also used the FlawedAmmyy remote access trojan, which, once deployed, gave them persistent access to the victim's network.
A Joint Operation
Ukrainian authorities stated that the suspects were apprehended in joint raids conducted with South Korean and American law enforcement. South Korean officers were visibly present during the raids, most likely because four Korean companies were identified as victims by the Ukrainian police. US law enforcement was involved because the CLOP suspects attacked and scrambled the personal information of employees and encrypted the financial reports of Stanford University Medical School, the University of California, and the University of Maryland.
The arrests by a joint team point to a strong relationship between Ukraine and the US in the fight against cybercrime, a positive development since cooperation like this denies criminals a safe harbor. The case is especially relevant in light of the recent discussions between Vladimir Putin and President Joe Biden. If cyberattacks continue without major state actors taking the issue seriously, they will disrupt people's everyday lives across the globe.
Recovery After the Raid
The joint operation concluded with the seizure of a miscellaneous collection of items: five million Ukrainian hryvnia (approximately $200,000), Apple Mac laptops and desktops, mobile phones, and several cars (a Mercedes AMG-63 and a high-end Tesla). The authorities also claimed to have shut down the server infrastructure the gang's members used to launch their earlier attacks.
Conclusion
It is a positive development to see nation states working together to identify and capture suspected members of the CLOP ransomware gang. International cooperation paves the way for the arrest of cyber criminals involved in cross-border cybercrime, who can then be charged under the local laws of the country in which they are caught.
Contact us 24/7 to receive Post Ransomware Threat Hunting Services.