The Clop ransomware operation is back in business despite recent arrests in Ukraine. Hackers have begun listing new victims on their data leak site.
Law enforcement in Ukraine, jointly with the US and South Korea, arrested a number of Clop ransomware gang members during an international operation last week. Law enforcers in Ukraine have been raiding homes and seizing various property, such as high-end cars and electronic equipment.
Ukrainian police stated that the arrests dealt a significant blow to the Clop operation involved in money laundering and ransoms. Law enforcement said it shut down the networks used by criminals to distribute and illegally gain access to cryptocurrencies:
“Together, law enforcement has managed to shut down the infrastructure from which the virus spreads and block channels for legalizing criminally acquired cryptocurrencies,” said the press statement.
The Clop operation has been quiet for a week, but yesterday, the gang released the details of two new victims.
According to Intel 471, the ransomware operation is likely to continue despite the arrests of some low-importance individuals involved in the money laundering operations:
The raids in Ukraine were focused on the gang’s money-laundering operations, Intel 471 said at the time: “We do not believe that any core actors behind CLOP were apprehended and we believe they are probably living in Russia.”
The impact of the law enforcement attention on CLOP is expected to be minor, though it could result in the brand being abandoned, as happened with DarkSide and Babuk.
Law enforcement agencies have dealt a blow to several ransomware groups this year. Law enforcers in Ukraine and Bulgaria seized servers and arrested members of the ransomware operations Netwalker and Egregor, respectively.
Meanwhile, the FBI has arrested a lead developer for the popular TrickBot ransomware. The developer was responsible for developing a new operation that used the trojan to launch a new ransomware campaign.