The Ukrainian cops have conducted almost two dozen raids that targeted the alleged associates of the Clop ransomware gang. The ransomware gang is a Russian-speaking group that has been blamed for a half-billion dollars cyber attack as well as extortion in the United States and South Korea.
On Wednesday, a police statement mentioned that 21 raids had been conducted on the suspects’ residences affiliated directly with the Clop ransomware gang. This ransomware syndicate has been in Kyiv and various other places globally, bearing computer equipment and around $185,000 cash, all of which have been seized.
The Korean and the U.S. companies that had been affected by the Clop ransomware gang yielded six defendants. These defendants face up to eight years of imprisonment for violating the money laundering laws and computer crime, mentioned the statement. It did not mention whether any of the suspects have been detained and noted that the investigation was ongoing.
Even the Clop dark web leak website stayed online for hours following the announcement of the raids. It suggested that the gang’s internet infrastructure is possibly still intact. The most capable ransomware group operating with the Kremlin tolerance has based out of the reach of Western law enforcement. Russia never extradites or prosecutes them.
The video posted by the Ukrainian police revealed that the Korean police have been taking part in the current week’s raids, where cars, cell phones and cash were also seized. The police statement mentioned four Korean companies that the Clop ransomware gang hit with the malware scrambled data that can only be retrieved using a software key acquired by the paying criminals after the ransom has been paid. It mentioned that the gang targeted the major U.S. universities such as the University of Maryland and Stanford Medical School, amongst many.
“Wednesday’s raid is a continuation of the much more aggressive posture that law enforcement has taken against ransomware gangs this year,” said analyst Allan Liska of the cybersecurity firm, Recorded Future. “It really does feel like law enforcement has figured out how to attack the ransomware scourge, and hopefully, will slow down the attacks.”
Following the previous month’s attack on the Colonial Pipeline had massively affected the fuel shipments to the U.S. East Coast. The White House started taking the ransomware criminals like that of the terrorists. This is the sole reason why many of them are now lying low. The actual culprit behind the Colonial attack hid behind the bush. It was coincidental that another ransomware group at that time announced their retirement, the Avaddon.
Cybersecurity analysts always caution that such retirements and their announcements are not at all new and can be a medium to thwart law enforcement. However, this is done when the criminals progress and create the latest products with various brands.
While some arrests have been conducted and the ransomware infrastructure has been disabled in the past few months, no kingpins have been snared.
The clop ransomware is one of the most commonly known malware for extortion by threatening to publish the stolen data. The Clop ransomware gang has already published the names of 65 victims to its extortion website on the dark web since August, as mentioned.
In some of the cases, the ransomware gang has also extorted the victims with the data that it may have acquired indirectly, as in purchased from the third-party cyber thieves. This is precisely what the security researchers anticipate to have happened with the following:
- Universities of Colorado and Miami
- Rail transport company CSX Corporation
- Kroger grocery and pharmacy chain
- Canadian aircraft maker Bombardier
- Prominent law firm Jones Day
These data had been stolen in a software tool hack that the Californian firm Accellion created and used to manage the large email attachments.
Source: Press Herald
Disclaimer: Read the complete disclaimer here.