Interpol has shared new information regarding a thirty-month international law enforcement operation named 'Operation Cyclone' that led to the arrest of six members of the Clop ransomware gang in June of this year.
The operation was launched following global police investigations into attacks against Korean companies and US academic institutions by the Cl0p ransomware group, where the malicious actors encrypted devices and extorted organizations to pay a ransom or have their stolen data leaked.
The global operation was coordinated fr om Interpol’s Cyber Fusion Centre in Singapore, with assistance fr om Ukrainian and U.S. law enforcement agencies. The operation resulted in the arrest of six suspects in Ukraine, with the police conducting searches of more than 20 houses, businesses and vehicles. Property and computers, as well as $185,000 in cash assets were seized during the raids.
The six suspects are believed to be tightly linked to a Russian-language Cl0p ransomware gang, wh ere they were primarily involved in the money laundering for the cybercriminal group. If convicted, the six suspects face up to eight years in prison.
“Despite spiralling global ransomware attacks, this police-private sector coalition saw one of global law enforcement’s first online criminal gang arrests, which sends a powerful message to ransomware criminals, that no matter wh ere they hide in cyberspace, we will pursue them relentlessly,” said Interpols’s Director of Cybercrime Craig Jones.
Responding to the escalation in ransomware attacks, law enforcement agencies have been steadily increasing pressure on cybercriminal organizations, which led to numerous arrests and infrastructure takedowns. Earlier this month, Europol said that 12 individuals were arrested on suspicion of launching ransomware attacks against critical infrastructure and large corporations that affected over 1,800 victims in 71 countries.
In October, two suspected ransomware operators involved in targeted attacks against over 100 entities in Europe and North America were arrested in Ukraine.
Last week, the malicious actors behind the BlackMatter ransomware announced that they are shutting down the operation due to the pressure from the authorities.