Clop ransomware is back into action after the recent police operation

A week after the law enforcement operation that targeted the Clop ransomware operators, the gang is back into action.

A week after the international operation conducted by law enforcement that targeted several members of the Clop ransomware gang, the group is back into action.

Last week, Ukraine police arrested multiple individuals that are believed to be linked to the Clop ransomware gang as part of an international operation conducted by law enforcement from Ukraine, South Korea, and the US.

The Ukrainian authorities did not disclose the number of members of the gang that have been arrested.

The law enforcement agencies from the involved countries shut down infrastructure used by the ransomware gang in its operations, the police also conducted searches at 21 houses in Kyiv.

The police also seized computers, smartphones, and server equipment were seized, 5 million Ukrainian hryvnias (+$180K) in cash, and several cars, including Tesla, Mercedes, and Lexus models.

Clop ransomware gang has been active since February 2019, it targeted many organizations and universities over the years. Like other ransomware gangs, Clop operators implemented a double-extortion model leaking on their leak sites the data stolen from the victims that refused to pay the ransom.

A few days after the operations conducted by the authorities, the ransomware gang made the headlines again by releasing the data stolen from new victims.

This circumstance suggests that the people arrested by the police were not members of the core team that resumed the operations.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, ransomware)

[adrotate banner=”5″]

[adrotate banner=”13″]