Cybersecurity firms provide threat intel for Clop ransomware group arrests

[embedded content]

Further details have been revealed concerning a 30-month investigation designed to disrupt the operations of the Clop ransomware group. 

In June, Ukrainian police arrested six suspects in 20 raids across Kyiv and other towns, seizing computers, technology, cars, and roughly $185,000. 

The Ukrainian National Police worked with law enforcement in South Korea on the raid, now known as Operation Cyclone

Interpol, an inter-governmental organization focused on facilitating coordinated activities between police agencies worldwide, said last week that the operation was managed by Interpol’s Cyber Fusion Centre in Singapore.

Trend Micro, CDI, Kaspersky Lab, Palo Alto Networks, Fortinet, and Group-IB contributed threat intelligence through the Interpol Gateway project, together with police from Ukraine, South Korea, and the United States. 

South Korean firms S2W LAB and KFSI also contributed Dark Web activity analysis. 

South Korea was particularly interested in the arrests due to Clop’s reported involvement in a ransomware attack against E-Land. The ransomware’s operators told Bleeping Computer that point-of-sale (PoS) malware was implanted on the Korean retail giant’s systems for roughly a year, leading to the theft of millions of credit cards. 

Clop is one of many ransomware gangs that operate leak sites

Read More: