The Clop ransomware gang was the focus of a three-and-a-half-year global law enforcement operation known as ‘Operation Cyclone’.
Clop ransomware was first detected in early 2019 and has since been linked to a number of high-profile incidents, such as the breach of ExecuPharm in the United States and the data breach at Accellion, where hackers exploited flaws in the IT provider’s software to steal data from dozens of its customers, including the University of Colorado and cloud security vendor Qualys.
Ukrainian law enforcement detained members of the Clop ransomware group who were involved in laundering ransom payments.
The intercontinental operation was led by INTERPOL’s Cyber Fusion Centre in Singapore, with cooperation from Ukrainian and US law enforcement.
The global strike – codenamed Operation Cyclone – follows global police investigations into attacks against Korean companies and US academic institutions by the Cl0p ransomware threat group.
Cl0p malware operators in Ukraine allegedly attacked private and business targets in Korea and the US by blocking access to their computer files and networks, and then demanded extortionate ransoms for restoring access.
The suspects are thought to have facilitated the transfer and cash-out of assets on behalf of the ransomware group whilst also