The Clop ransomware gang has potentially taken a major blow, as six alleged members were arrested by Ukrainian Police in a joint law enforcement operation between Ukraine, the United States and South Korea.
Ukraine’s National Police issued a press release Wednesday that it and the Ukrainian Cyberpolice conducted the local investigation via 21 searches of Clop suspects’ residences and cars in both Kyiv and nearby areas. According to the press release, cars, computer equipment and a total of approximately 5 million hryvnias (about $185,000) was seized from suspects.
Clop (also known as Cl0p), which has been active since early 2019, has extorted hundreds of millions of dollars from organizations and individuals since its inception. The Eastern European gang utilizes the now standard name-and-shame tactics of modern ransomware; it encrypts the user’s files and threatens to publish victim data on the gang’s leak site. Clop’s leak site was launched in March 2020, about a year after its earliest known attack.
The gang is accused in the press release of attacking four Korean companies in 2019, encrypting 810 internal servers and employee personal computers in the process. Clop is also accused of attacking Stanford University’s School of Medicine, the University of Maryland and the University of California with ransomware.
SearchSecurity asked Ukraine’s National Police and Cyberpolice for clarification on this second accusation, as a ransomware attack on the universities conducted by Clop had not been previously reported. In addition, University of Maryland and Stanford both attributed the breaches to Accellion. Neither agency responded to SearchSecurity’s emails.
The arrests were seemingly not a complete takedown of the gang, as Clop’s ransomware leak site remains online. However, the current scope of damage done to Clop’s operations is unknown.
Alexander Culafi is a writer, journalist and podcaster based in Boston.