Clop ransomware gang arrested by Ukraine police

Members of the Clop ransomware gang were apprehended by Ukrainian law enforcement, and the gang's infrastructure, which has been used in attacks targeting victims all over the world since at least 2019, was shut down.


According to the National Police of Ukraine’s Cyberpolice Department, the ransomware group is responsible for around $500 million in financial losses.


According to the authorities, law enforcement has also managed to shut down the infrastructure from which the virus spreads and to block the channels used to launder illegally obtained bitcoins.


Officers conducted 21 searches in the city and Kyiv region, as well as of the defendants’ homes and vehicles.


The defendants could face up to eight years in jail if found guilty.


The Office of the Prosecutor General of Ukraine continues to conduct investigations and provides procedural instructions.


However, it is unclear if the arrested individuals are ransomware affiliates or core members.


The arrests followed an international operation involving law enforcement agents from the United States and the Republic of Korea.


According to a statement on Twitter from the cybersecurity firm Intel 471, Ukrainian officials arrested only people involved in money laundering for the Clop gang, whose main members are most likely in Russia.


Although this law enforcement scrutiny may result in the CLOP brand being abandoned, the overall impact on CLOP is expected to be small.


Apart from encryption attacks, the Clop ransomware gang was linked to the latest wave of Accellion data breaches, which resulted in a significant increase in average ransom payments in the first three months of 2021.


Last week, another ransomware group called Avaddon shut down operations and handed over the decryption keys associated with 2,934 victims to BleepingComputer, presumably in response to increased scrutiny by law enforcement and governments around the world following a series of attacks against critical infrastructure.


Clop’s Tor payment site and data leak site remain online at this time, indicating that the Clop ransomware gang's operation has not been fully shut down.

