A thirty-month international law enforcement operation codenamed ‘Operation Cyclone’ targeted the Clop ransomware gang, leading to the previously reported arrests of six members in Ukraine.
In June, BleepingComputer reported that Ukrainian law enforcement arrested members of the Clop ransomware gang involved in laundering ransom payments.
This Friday, new information came to light regarding how the operation was conducted and the law enforcement agencies involved.
Interpol’s Operation Cyclone
The transcontinental operation named ‘Operation Cyclone’ was coordinated from INTERPOL’s Cyber Fusion Centre in Singapore, with assistance from Ukrainian and US law enforcement authorities.
This operation targeted Clop for its numerous attacks against Korean companies and US academic institutions, where the threat actors encrypted devices and extorted organizations to pay a ransom or have their stolen data leaked.
In December 2020, Clop conducted a massive ransomware attack against E-Land Retail, a South Korean conglomerate, and retail giant, causing 23 out of 50 NC Department Store and NewCore Outlet retail stores to temporarily close. They later claimed to have stolen 2,000,000 credit cards from the company using point-of-sale malware.
More recently, Clop used a vulnerability in the Accellion secure file transfer gateway to steal confidential and private files of corporations and universities. When $10 million+ ransom demands were not paid, the threat actors publicly released students’ personal information from numerous universities and colleges.
The US education institutions targeted in the Accellion attacks included the University of Colorado, University of Miami, Stanford Medicine, University of Maryland Baltimore (UMB), and the University of California.
Through intelligence sharing between law enforcement agencies and private partners, Operation Cyclone led to the arrest of six suspects in Ukraine, the search of more than 20 houses, businesses, and vehicles, and the seizure of computers and $185,000 in cash assets.
The operation was also assisted by private partners, including Trend Micro, CDI, Kaspersky Lab, Palo Alto…