Operation Cyclone targets Clop Ransomware affiliates

Operation Cyclone – Six alleged affiliates with the Clop ransomware operation were arrested in an international joint law enforcement operation led by Interpol.

Interpol announced the arrest of six alleged affiliates with the Clop ransomware operation as part of an international joint law enforcement operation codenamed Operation Cyclone.

Law enforcement authorities from South Korea, Ukraine, and the United States, joint their efforts in a 30-month investigation that was coordinated by Interpol.

In June six Ukrainian law enforcement arrested individuals and conducted 21 raids at the homes of suspects, in Kyiv and elsewhere.

The police also seized computers, smartphones, and server equipment were seized, 5 million Ukrainian hryvnias (+$180K) in cash, and several cars, including Tesla, Mercedes, and Lexus models.

Clop ransomware gang has been active since February 2019, it targeted many organizations and universities over the years. Like other ransomware gangs, Clop operators implemented a double-extortion model leaking on their leak sites the data stolen from the victims that refused to pay the ransom.

According to a press release published by Interpol, law enforcement agencies also issued two Red Notices which are issued for fugitives wanted either for prosecution or to serve a sentence.

“Two Red Notices, which are internationally wanted persons alerts, have been circulated to INTERPOL’s 194 member countries following a request by Korea’s cybercrime investigation division via INTERPOL’s National Central Bureau in Seoul. The Notices follow the Ukraine arrest of six members of a notorious ransomware family during a global operation coordinated by INTERPOL with Korean, Ukrainian and US law enforcement authorities in June.” reads the press release published by Interpol. “The global strike – codenamed Operation Cyclone – follows global police investigations into attacks against Korean companies and US academic institutions by the Cl0p ransomware threat group. Cl0p malware operators in Ukraine allegedly attacked private and business targets in Korea and the US by blocking access to their computer files and networks, and then demanded extortionate ransoms for restoring access.“

According to the police, the total damage caused by the reaches $ 500 million. 

The arrested members of the ransomware gang risk up to eight years in prison.

“Despite spiralling global ransomware attacks, this police-private sector coalition saw one of global law enforcement’s first online criminal gang arrests, which sends a powerful message to ransomware criminals, that no matter where they hide in cyberspace, we will pursue them relentlessly,” said INTERPOL’s Director of Cybercrime Craig Jones.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Operation Cyclone)

[adrotate banner=”5″]

[adrotate banner=”13″]