The cybercrime group busted last week in connection with Clop (or Cl0p) ransomware attacks against numerous companies over the past several months assisted in the laundering of $500 million for a number of malicious actors through various illegal operations.
The Ukraine Cyber Police apprehended six people in Kyiv on June 16, citing the arrests as the outcome of an international investigation involving Interpol and law enforcement agencies from Korea and the United States.
While the arrest was seen as a major setback for the Clop gang’s activities, the hackers released a new batch of confidential employee records stolen from a previously unknown victim on their dark web portal earlier this week, raising the possibility that the arrested suspects were affiliates with a minor role in the operations.
Binance, a cryptocurrency exchange, played a key role in the recent arrests of Clop ransomware group members, assisting law enforcement authorities in their efforts to identify and apprehend the offenders.
Binance refers to the gang as FANCYCAT and claims that the offenders were laundering money obtained from ransomware attacks and other illegal acts.
“Based on our analysis, we found that this specific group was not only associated with laundering Cl0p attack funds, but also with Petya and other illegally-sourced funds. This led to the identification and eventual arrest of FANCYCAT”, Binance says in their blog post.
FANCYCAT was responsible for cashing out and laundering money gained illegally by the Clop ransomware cartel by penetrating and extorting victims, according to Binance’s findings, validating prior reports from Intel 471.
Clop is one of several ransomware gangs that break into businesses, distribute ransomware that encrypts files and servers, and then demand a ransom payment in exchange for a digital key that allows the victims to regain access to their systems.
Binance has been enhancing its capabilities for detecting and analyzing cybercriminal cash-out activities as a result of fraudsters using legitimate cryptocurrency exchanges to launder money.
Binance was able to identify suspicious activity on its service and construct a cluster of suspects using its anti-money laundering detection and analytics program.
The cryptocurrency exchange service could acquire a better understanding of the group’s on-chain activity and link it to the Clop ransomware gang by collaborating with two chain analytics companies (TRM Labs and Crystal).