The Clop ransomware gang was targeted by a thirty-month-long multinational law enforcement investigation called ‘Operation Cyclone,’ which resulted in the previously reported arrests of six Ukrainian members.
New facts on how the operation was carried out, and the law enforcement agencies involved, were released on Friday.
INTERPOL’s Cyber Fusion Centre in Singapore supervised the transatlantic operation, with cooperation from Ukrainian and US law enforcement officials. Clop was targeted because of its frequent attacks against Korean corporations and US academic institutions, in which the threat actors encrypt devices and compel organizations to pay a ransom or risk having their data stolen.
Clop launched a massive ransomware attack against E-Land Retail, a South Korean conglomerate and retail behemoth, in December 2020, forcing 23 out of 50 NC Department Store and NewCore Outlet retail locations to shut temporarily. They later claimed to have used point-of-sale malware to steal 2,000,000 credit cards from the firm.
Clop recently exploited a flaw in the Accellion secure file transfer gateway to steal confidential and private material from businesses and institutions. When the ransom demands of $10 million or more were not met, the threat actors published personal information about students from many institutions and schools.
The University of Colorado, Stanford Medicine, University of Miami, University of Maryland Baltimore (UMB), and the University of California were among the US educational institutions targeted in the Accellion cyberattacks.
Operation Cyclone led to the apprehension of six individuals in Ukraine, searches of more than 20 homes, companies, and cars, and the confiscation of computers and $185,000 in cash assets. It was the result of intelligence sharing among law enforcement agencies and private partners.
Trend Micro, Fortinet, CDI, Palo Alto Networks, Kaspersky Lab, and Group-IB were among the private partners who helped with the operation.
In an announcement, INTERPOL’s Director of Cybercrime Craig Jones said that despite an increase in worldwide ransomware operations, this police-private sector partnership witnessed one of the first online criminal gang arrests, sending a special message to ransomware criminals that we will pursue them no matter where they hide in cyberspace.
The six accused Clop members may face up to eight years in jail if convicted.