Regístrese ahora para una mejor cotización personalizada!

Cybersecurity firms provide threat intel for Clop ransomware group arrests

Nov, 07, 2021 Hi-network.com

Further details have been revealed concerning a 30-month investigation designed to disrupt the operations of the Clop ransomware group. 

Security

  • 8 habits of highly secure remote workers
  • How to find and remove spyware from your phone
  • The best VPN services: How do the top 5 compare?
  • How to find out if you are involved in a data breach -- and what to do next

In June, Ukrainian police arrested six suspects in 20 raids across Kyiv and other towns, seizing computers, technology, cars, and roughly$185,000. 

The Ukrainian National Police worked with law enforcement in South Korea on the raid, now known as Operation Cyclone. 

Interpol, an inter-governmental organization focused on facilitating coordinated activities between police agencies worldwide, said last week that Interpol's Cyber Fusion Centre managed the operation in Singapore.

Trend Micro, CDI, Kaspersky Lab, Palo Alto Networks, Fortinet, and Group-IB contributed threat intelligence through the Interpol Gateway project, together with police from Ukraine, South Korea, and the United States. 

South Korean firms S2W LAB and KFSI also contributed Dark Web activity analysis. 

South Korea was particularly interested in the arrests due to Clop's reported involvement in a ransomware attack against E-Land. The ransomware's operators told Bleeping Computer that point-of-sale (PoS) malware was implanted on the Korean retail giant's systems for roughly a year, leading to the theft of millions of credit cards. 

Clop is one of many ransomware gangs that operate leak sites on the Dark Web. The groups will claim responsibility for a ransomware attack and will use these platforms for dual purposes: to facilitate communication with a victim to negotiate a blackmail payment in return for a decryption key -- as well as to conduct further extortion by threatening to leak stolen, sensitive data on the portal if they do not pay up. 

Clop has previously exploited zero-day vulnerabilities in the Accellion File Transfer Appliance (FTA) software, alongside other attack vectors, to claim high-profile victims, including The Reserve Bank of New Zealand, Washington State Auditor, Qualys, and Stanford Medical School. 

The six suspects are also accused of money laundering, as Clop overall is believed to have laundered at least$500 million obtained from ransomware activities. If convicted as part of the notorious group, the defendants face up to eight years behind bars. 

"Despite spiraling global ransomware attacks, this police-private sector coalition saw one of global law enforcement's first online criminal gang arrests, which sends a powerful message to ransomware criminals, that no matter where they hide in cyberspace, we will pursue them relentlessly," commented Craig Jones, Interpol's Director of Cybercrime.

However, it should be noted that the six arrests in Ukraine have not stopped the Clop ransomware group's activities or disrupted its leak site. It is believed the main operators of the ransomware are based in Russia. 

Interpol added that Operation Cyclone "continues to supply evidence that is feeding into further cybercrime investigations and enabling the international police community to disrupt numerous channels used by cybercriminals to launder cryptocurrency."

In recent ransomware news, the US State Department has offered a bounty worth$10 million for information "leading to the identification or location of any individuals holding key leadership positions" in the DarkSide ransomware group. 

Previous and related coverage

  • Ransomware: We need a new strategy to tackle 'exponential' growth, says Interpol.
  • Interpol warns of romance scam artists using dating apps to promote fake investments.
  • US offers$10 million reward for information on DarkSide leaders,$5 million for affiliates.

Have a tip?Get in touch securely via WhatsApp Signal at +447713 025 499, or over at Keybase: charlie0


Featured

We're not ready for the impact of generative AI on electionsThis is the$300 Android phone to beat in 2023 - and it even has a stylus5 things I learned while building my smart homeThe best laptops under$1,000: MacBook, Surface Pro, HP models compared
  • We're not ready for the impact of generative AI on elections
  • This is the$300 Android phone to beat in 2023 - and it even has a stylus
  • 5 things I learned while building my smart home
  • The best laptops under$1,000: MacBook, Surface Pro, HP models compared

tag-icon Etiquetas calientes: tecnología seguridad

Copyright © 2014-2024 Hi-Network.com | HAILIAN TECHNOLOGY CO., LIMITED | All Rights Reserved.