Six individuals allegedly associated with the Clop ransomware operation were arrested in a global law enforcement operation, Interpol announced.
Authorities in South Korea, Ukraine, and the United States, under Interpol’s coordination, were involved in the 30-month investigation dubbed Operation Cyclone.
The six arrests were made by Ukrainian law enforcement in June, when a total of 21 police raids were conducted on the homes of suspects, in Kyiv and elsewhere. The authorities seized computer equipment and roughly $185,000 in cash.
As part of Operation Cyclone, in addition to these arrests, authorities issued two Red Notices – internationally wanted persons alerts – that circulated to Interpol’s 194 member countries.
The Clop (aka Cl0p) ransomware threat group was involved in attacks on numerous private and public organizations in Korea, the U.S., and elsewhere, which resulted in access to computer files and networks being blocked.
The group targeted organizations in sectors such as aerospace, education, energy, financial, healthcare, high-tech, manufacturing, telecommunications, and transportation and logistics.
The gang then demanded ransom payments from their victims in exchange for regaining access to the data, and often shamed the compromised organizations on a Tor website, threatening to make public data exfiltrated from their networks during the ransomware attack.
According to Interpol, the six individuals that were arrested helped the ransomware gang transfer and cash-out more than $500 million. They also threatened victim organizations with leaking stolen data if additional payments were not made.
“Despite spiraling global ransomware attacks, this police-private sector coalition saw one of global law enforcement’s first online criminal gang arrests, which sends a powerful message to ransomware criminals, that no matter where they hide in cyberspace, we will pursue them relentlessly,” Interpol’s Director of Cybercrime Craig Jones said.
If found guilty, the six defendants could be sentenced to up to eight years imprisonment.
Related: BlackMatter Ransomware Gang Announces Shutdown
Related: 12 People Arrested Over Ransomware Attacks on Critical Infrastructure
Related: White House Blacklists Russian Ransomware Payment ‘Enabler’

More from Ionut Arghire
- Google Leads $16 Million Investment in Dope.security
- Critical WooCommerce Payments Vulnerability Leads to Site Takeover
- PoC Exploit Published for Just-Patched Veeam Data Backup Solution Flaw
- CISA Gets Proactive With New Pre-Ransomware Alerts
- CISA, NSA Issue Guidance for IAM Administrators
- Cisco Patches High-Severity Vulnerabilities in IOS Software
- ‘Nexus’ Android Trojan Targets 450 Financial Applications
- ‘Badsecrets’ Open Source Tool Detects Secrets in Many Web Frameworks
Latest News
- Intel Co-founder, Philanthropist Gordon Moore Dies at 94
- Google Leads $16 Million Investment in Dope.security
- US Charges 20-Year-Old Head of Hacker Site BreachForums
- Tesla Hacked Twice at Pwn2Own Exploit Contest
- CISA Ships ‘Untitled Goose Tool’ to Hunt for Microsoft Azure Cloud Infections
- Critical WooCommerce Payments Vulnerability Leads to Site Takeover
- PoC Exploit Published for Just-Patched Veeam Data Backup Solution Flaw
- CISA Gets Proactive With New Pre-Ransomware Alerts
