The cybercrime department of the Ukrainian police has announced the arrest of six members of the “Clop” ransomware group, one of the most active and damaging ransomware operations of the past year. The arrests followed close collaboration between the Ukrainian police, their counterparts in South Korea, and American investigators. Both countries were heavily hit by Clop, so their investigators tracked the group closely, trying to locate and identify its members.
In a video released by the police, the authorities are shown conducting simultaneous raids on the perpetrators' homes and seizing computers, smartphones, cash ($182,700), expensive cars, and all property found on the spot. In total, law enforcement officers conducted 21 searches in the Kyiv region. Notably, representatives of the South Korean police were present at the raids, which is a rare sight in cases of this type.
The total damage from the operation of the “Clop” ransomware gang is estimated to reach $500 million. One of the most notable attacks carried out by this group this year is the compromise of Bombardier, the large train and airplane manufacturer. The negotiations between Clop and the Canadian firm soon reached a dead end, and the hackers released highly sensitive confidential information as a result.
The six people arrested in Ukraine now face up to eight years in prison on charges of money laundering, money obtained by criminal means, and unauthorized interference in the operation of computers and computer networks. Eight years for the massive damage done to several companies around the globe definitely sounds lenient, but as the investigation unfolds, the arrested hackers may face additional charges.
In the meantime, as reported by Catalin Cimpanu on The Record, the South Korean police have also filed charges against nine employees of a local computer repair company for planting ransomware on the computers of unsuspecting customers who brought them in for repair. In the last year, the scheme made approximately $321,000 in ransomware payments from 40 victims. Notably, this local group was developing its own ransomware strain, which it used exclusively in this peculiar operation.