Law enforcers hit the Clop ransomware

Tomcat

The goal of Operation Cyclone, led by Interpol, was to eliminate the Clop group.



For two and a half years, law enforcement agencies in several countries carried out Operation Cyclone, the goal of which was to eliminate the ransomware group Clop. As part of the operation, in June 2021 Clop members whose duties included laundering the money received from the victims were arrested in Ukraine.

Recently, details were published about how the operation was carried out and which law enforcement agencies were involved in it.

Transcontinental Operation Cyclone was coordinated by Interpol's Cyber Fusion Center in Singapore with the participation of the Cyber Police Department of the National Police of Ukraine and US law enforcement agencies. Its goal was to eliminate the Clop group, which carried out numerous cyberattacks on American and South Korean companies and scientific organizations.

After infecting devices in the attacked organization, the Clop ransomware encrypted them and demanded a ransom for decryption. In case of non-payment, the extortionists threatened to publish the data stolen from the victim.

In December 2020, the group attacked the South Korean trade conglomerate E-Land Retail, which forced 23 of its 50 stores to temporarily shut down. The ransomware operators also claimed that they stole the data of 2 million bank cards from the company using malware for PoS terminals.

This year, the group attacked companies and universities in the United States through a zero-day vulnerability in Accellion FTA and stole confidential files. If the victim refused to pay a ransom of more than $10 million, the ransomware operators released the stolen data publicly.

Thanks to the joint efforts of law enforcement agencies and private partners (including Trend Micro, CDI, Kaspersky Lab, Palo Alto Networks, Fortinet and Group-IB), six suspects were arrested in Ukraine. Searches were also carried out in more than 20 houses, offices and vehicles, and computers and $185 thousand in cash were seized.

According to Intel 471, although the arrested suspects are indeed connected with Clop, their only duty was to launder money, while the backbone of the group is in Russia. If convicted, the suspects face a sentence of imprisonment for up to eight years.
 