Cl0p Ransomware Operators Arrested, Estimated Damages Eclipse $500M
Cl0p Operators Arrested in Ukraine, Cause Over $500 Million in Ransomware Damages
On June 16, 2021, Ukrainian Police announced that they arrested six operators of the Cl0p ransomware collective while also seizing their infrastructure. The arrests took place through a coordinated, multinational law enforcement effort involving officials from Ukraine, South Korea, and the US. Cl0p is accused of causing damage amounting to US$500 million.
According to the news bulletin issued by the Ukrainian police, the members of the group were arrested in the Kyiv Region in Ukraine with regional law enforcement able to block the financial chains the group used to launder money obtained from ransoms. The video of the arrests show police officers entering a suburban home and seizing phones and large amounts of cash.
Cl0p Arrests Align with US-Russia Presidential Summit in Geneva
News of the arrests broke the same day as the US-Russia presidential summit in Geneva, Switzerland—an event which is expected to prominently feature diplomatic discussions about recent ransomware attacks and heightening cybersecurity concerns. The recent escalation of ransomware attacks, like DarkSide’s disruption of Colonial Pipelines, has prompted the US to reassess and harden its stance on cyber-related issues, as well as ramp up its rhetoric against Russian authorities, who many view as aiding cybercriminal interests or, more mildly, acting as ineffectual deterrents.
These six Cl0p operator arrests are just the most recent example of Russia’s notable—and frequent—absence in multinational law enforcement takedowns of cybercriminal syndicates. While participation from neighboring countries, like Ukraine, are common in these law enforcement raids, Russia regularly refuses to take part or offer any meaningful form of cooperation or assistance.
Prepare for Ransomware with Flashpoint
Request a demo and see firsthand how Flashpoint’s Threat Response and Readiness offerings ensure your entire team is prepped and able to respond to any ransomware attack. When equipped with Flashpoint’s dedicated ransomware dashboards, you move ahead of ransomware and the cybercriminal groups who deploy it.