Cops Cop Cl0p Ransomware Gang (or Maybe Not?)
The National Police of Ukraine is crowing about arresting alleged ransomware scrotes from the Clop gang (styled as Cl0p). With the help of Interpol and law-enforcement from South Korea and the U.S., the Ukrainian cops raided 21 addresses and seized the big three: cash, cars and computers.
But those who follow Clop think it’s based in Russia, not Ukraine. They say the six suspects are more likely to be lower-level goons tasked with money laundering—not the actual ransomware scam scum.
Still, it’s a start. In today’s SB Blogwatch, we turn the key (ask your parents).
Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Нам п’ять років.
Just the Monkeys, not the Organ Grinders?
What’s the craic? Hannah Murphy reports—“Ukraine arrests ransomware gang in global cyber criminal crackdown”:
“Eight years in prison”
The Ukraine National Police said … it had worked with Interpol and the US and South Korean authorities to charge six members of the Ukraine-based Cl0p hacker group, which it claimed had inflicted half a billion dollars in damages on victims based in the US and South Korea. … Recent targets have included oil company Shell and international law firm Jones Day, as well as several US universities.
…
Governments are under increasing pressure to curb the activities of cyber criminals. This week, US president Joe Biden attended a summit in Geneva with Russia’s president Vladimir Putin. … Some experts allege Moscow allows ransomware criminals to operate with impunity … on the understanding that hackers will not target Russian-speaking organisations, and will share access with the government if called upon.
…
It is unclear whether those arrested were core members of the group or affiliates. The defendants face eight years in prison.
Who can add more detail? Catalin Cimpanu can—“Ukrainian police arrest Clop ransomware members, seize server infrastructure”:
“South Korean police officers”
The arrests … come after authorities conducted searches at 21 residences in … the country’s capital and nearby regions. … Authorities reported that they successfully shut down server infrastructure used by the gang members.
…
Computers, smartphones, and server equipment were seized, together with … $185,000, which authorities believe were obtained from ransoming companies across the world. Several expensive cars … were also seized.
…
Incidents with the Clop ransomware have been documented as early as February 2019. The gang is what security researchers would call a “big-game hunter,” a term that describes ransomware groups that go only after large IT networks, [demanding] payments of up to tens of millions of US dollars per victim. … If companies refused to pay, the Clop gang would … threaten to leak victims’ data.
…
Sources close to the investigation [say] South Korean police ramped up its investigation into the gang last year after the Clop gang infected the network of South Korean e-commerce giant E-Land in November 2020, forcing the Korean company to close almost half of its stores. … South Korean police officers were physically present during the raids on Clop suspects this week, something that is customarily left to local law enforcement.
Wait. Pause. Are the suspects really Cl0p kingpins? Intel 471 talked to Sergiu Gatlan—“Ukraine arrests Clop ransomware gang members”:
“Expected to be minor”
The law enforcement raids … were limited to the cash-out/money laundering side of CLOP’s business. … We do not believe that any core actors behind CLOP were apprehended. … We believe they are probably living in Russia.
The overall impact to CLOP is expected to be minor. Although this law enforcement attention may result in the CLOP brand getting abandoned as … with other ransomware groups like DarkSide and Babuk.
And Narcocide agrees:
“Too smart”
What makes you think they even caught the real hackers? The people doing this are too smart to get caught this way.
Oh. That’s not so good. This Anonymous Coward sees the silver lining:
“Scum”
It’s very likely after these raids they will have a good idea who in Russia are the rest of the scum.
Is eight years enough? Another Anonymous Coward thinks not:
“Slap on the wrist”
These people need to be executed as an example to the other hackers — it’s the only way we will be able to stop this, it’s too lucrative for a slap on the wrist to be any type of deterrent.
And Paddy Hickey loves to bite: [You’re fired—Ed.]
“What the world needs”
As me blessed sainted Irish mother used to say, “Shooting would be too good for them, slow hanging would be far more appropriate.” What the world needs now is more no-nonsense Irish mothers.
But “close friends get to call him” TeeCee alleges an allegation:
“Black ops”
What a coincidence that this should happen just after they leaked all that [Bombardier] spyplane stuff, pissing off the west’s intelligence agencies en masse in so doing. … First rule of a successful criminal career: No matter how big, nasty and Teflon-coated you think you are, never step on the toes of any agency with a black ops section.
Meanwhile, two drums and a cymbal fall off a cliff, landing on Tom Paine:
So you could say it’s a case of … clop clipped?
And Finally:
Ukrainian police want you to know: They don’t mess around
You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites … so you don’t have to. Hate mail may be directed to @RiCHi or [email protected]. Ask your doctor before reading. Your mileage may vary. E&OE. 30.
Image sauce: National Police of Ukraine, Cyberpolice Department