Six individuals allegedly associated with the Clop ransomware operation were arrested in a global law enforcement operation, Interpol announced.
Authorities in South Korea, Ukraine, and the United States, under Interpol’s coordination, were involved in the 30-month investigation dubbed Operation Cyclone.
The six arrests were made by Ukrainian law enforcement in June, when a total of 21 police raids were conducted on the homes of suspects, in Kyiv and elsewhere. The authorities seized computer equipment and roughly $185,000 in cash.
As part of Operation Cyclone, in addition to these arrests, authorities issued two Red Notices – internationally wanted persons alerts – that circulated to Interpol’s 194 member countries.
The Clop (aka Cl0p) ransomware threat group was involved in attacks on numerous private and public organizations in Korea, the U.S., and elsewhere, which resulted in access to computer files and networks being blocked.
The group targeted organizations in sectors such as aerospace, education, energy, financial, healthcare, high-tech, manufacturing, telecommunications, and transportation and logistics.
The gang then demanded ransom payments from their victims in exchange for regaining access to the data, and often shamed the compromised organizations on a Tor website, threatening to make public data exfiltrated from their networks during the ransomware attack.
According to Interpol, the six individuals that were arrested helped the ransomware gang transfer and cash-out more than $500 million. They also threatened victim organizations with leaking stolen data if additional payments were not made.
“Despite spiraling global ransomware attacks, this police-private sector coalition saw one of global law enforcement’s first online criminal gang arrests, which sends a powerful message to ransomware criminals, that no matter where they hide in cyberspace, we will pursue them relentlessly,” Interpol’s Director of Cybercrime Craig Jones said.
If found guilty, the six defendants could be sentenced to up to eight years imprisonment.
Related: BlackMatter Ransomware Gang Announces Shutdown
Related: 12 People Arrested Over Ransomware Attacks on Critical Infrastructure
Related: White House Blacklists Russian Ransomware Payment ‘Enabler’