Six individuals allegedly associated with the Clop ransomware operation were arrested in a global law enforcement operation, Interpol announced.
Authorities in South Korea, Ukraine, and the United States, under Interpol’s coordination, were involved in the 30-month investigation dubbed Operation Cyclone.
The six arrests were made by Ukrainian law enforcement in June, when a total of 21 police raids were conducted on the homes of suspects, in Kyiv and elsewhere. The authorities seized computer equipment and roughly $185,000 in cash.
As part of Operation Cyclone, in addition to these arrests, authorities issued two Red Notices – internationally wanted persons alerts – that circulated to Interpol’s 194 member countries.
The Clop (aka Cl0p) ransomware threat group was involved in attacks on numerous private and public organizations in Korea, the U.S., and elsewhere, which resulted in access to computer files and networks being blocked.
The group targeted organizations in sectors such as aerospace, education, energy, financial, healthcare, high-tech, manufacturing, telecommunications, and transportation and logistics.
The gang then demanded ransom payments from their victims in exchange for regaining access to the data, and often shamed the compromised organizations on a Tor website, threatening to make public data exfiltrated from their networks during the ransomware attack.
According to Interpol, the six individuals that were arrested helped the ransomware gang transfer and cash-out more than $500 million. They also threatened victim organizations with leaking stolen data if additional payments were not made.
“Despite spiraling global ransomware attacks, this police-private sector coalition saw one of global law enforcement’s first online criminal gang arrests, which sends a powerful message to ransomware criminals, that no matter where they hide in cyberspace, we will pursue them relentlessly,” Interpol’s Director of Cybercrime Craig Jones said.
If found guilty, the six defendants could be sentenced to up to eight years imprisonment.
Related: BlackMatter Ransomware Gang Announces Shutdown
Related: 12 People Arrested Over Ransomware Attacks on Critical Infrastructure
Related: White House Blacklists Russian Ransomware Payment ‘Enabler’

More from Ionut Arghire
- Former Ubiquiti Employee Who Posed as Hacker Pleads Guilty
- Atlassian Warns of Critical Jira Service Management Vulnerability
- Exploitation of Oracle E-Business Suite Vulnerability Starts After PoC Publication
- Google Shells Out $600,000 for OSS-Fuzz Project Integrations
- F5 BIG-IP Vulnerability Can Lead to DoS, Code Execution
- Flaw in Cisco Industrial Appliances Allows Malicious Code to Persist Across Reboots
- HeadCrab Botnet Ensnares 1,200 Redis Servers for Cryptomining
- Malicious NPM, PyPI Packages Stealing User Information
Latest News
- Fraudulent “CryptoRom” Apps Slip Through Apple and Google App Store Review Process
- US Downs Chinese Balloon Off Carolina Coast
- Microsoft: Iran Unit Behind Charlie Hebdo Hack-and-Leak Op
- Feds Say Cyberattack Caused Suicide Helpline’s Outage
- Big China Spy Balloon Moving East Over US, Pentagon Says
- Former Ubiquiti Employee Who Posed as Hacker Pleads Guilty
- Cyber Insights 2023: Venture Capital
- Atlassian Warns of Critical Jira Service Management Vulnerability
