CLOP Ransomware Suspects Busted in Ukraine – Money and Motors Seized

Clop Ransomware Suspects Busted in Ukraine - Money and Motors Seized

Ukrainian police have arrested six people allegedly linked to the infamous CLOP ransomware gang. The police have finally reached them after nearly two dozen raids across different parts of the country. As the news broke out, a wave of celebration sparked globally, especially in South Korea and the US. It was established that six defendants conducted malicious attacks such as ransomware on the servers of both Korean and American companies. They demanded ransom for the decryption of data and threatened to publish confidential data of victims in case of non-payment.


Do you want to test the real-world effectiveness of your security control while protecting your brand and ensuring compliance? LIFARS will help you to find vulnerabilities in your infrastructure.


The Quantum of Damage Caused by CLOP Ransomware Group

A statement issued by Ukrainian cyber police states that the CLOP ransomware group has inflicted nearly $500 million worth of damage on organizations. The ransomware gang caused damage by infecting organizations with ransomware.

The Method of Conducting Cyberattacks

The hacking group has supposedly leveraged a penetration testing tool named Cobalt Strike in conducting malicious attacks. It is a tool that has become quite popular among malicious hackers to compromise organizations. The police statement confirms that the suspects activated Cobalt Strike while using remote access. For further capture, the malicious software helped offer crucial information about the vulnerabilities of infected servers. The police statement further added that the CLOP ransomware gang also used Flawedammyy to deploy a remote access trojan. Once deployed it ensured access to the network of the victim.

A Joint Operation

Ukraine authorities stated that the suspects were apprehended in joint raids conducted with South Korean and American law enforcement. South Korean law enforcement officers were noticeably visible during the joint raid. Their presence during the operation is likely because four Korean companies identified as victims by the Ukrainian police. The reason for having US law enforcement is that the CLOP ransomware suspects attacked and scrambled the personal information of employees and encrypted the financial reports of Stanford University Medical School, the University of California, and the University of Maryland.

The arrests made by a joint team hint at a strong Ukraine relationship with the US in the fight against cybercrime which is a positive development since cooperation like this will deny criminals a safe harbor. The case under discussion is relevant, considering the recent discussions by Vladimi Putin and President Joe Biden. The continuation of cyberattacks without major state actors showing seriousness to the issue will deter people’s everyday lives across the globe.

Recovery After the Raid

The joint operation concluded in the seizure of miscellaneous collection of items. It includes five million Ukrainian currency (approximately $200,000), Apple Mac laptops and desktops, mobile phones, and several cars (Mercedes AMG-63 and high-end Tesla). The authorities claimed to have shut down the server infrastructure exploited by the members of hackers to initiate earlier attacks.


It is a positive development to witness nation states working together to identify and capture suspected members of the CLOP ransomware gang. International cooperation can pave the way to arrest cyber criminals involved in cross-border cybercrimes. Subsequently, they can get charged according to the local laws caught in a specific country.

Contact us 24/7 to receive Post Ransomware Threat Hunting Services.




Suspects behind CLOP ransomware caught in Ukraine

Ukrainian police have charged suspects linked with CLOP ransomware

Ukrainian cyber police statement

Suspects behind CLOP ransomware got charged by Ukrainian police

Ukraine police arrested six CLOP ransomware gang suspects with South Korean and the US law enforcement agencies

Suspects linked with CLOP ransomware got arrested by Police in Ukraine