Ukraine police on June 16 said that they had exposed a hacker group that carried out ransomware attacks on several foreign companies as well as universities between 2019 and 2021. After carrying out over 20 raids against the alleged ransomware hackers from a group named ‘Clop’, which targeted the United States and South Korea, the Cyber Police Department of the National Police of Ukraine confirmed that six arrests have been made. However, it remains unclear whether the defendants are affiliates or the core developers of the ransomware operation.

Ukrainian law enforcement accused the group of running a “double extortion” scheme in which targets that refuse to pay the ransom are threatened with the leak of data stolen from their network before the files were encrypted. The police also said that they seized equipment from the gang, which according to authorities was behind total financial damages of about $500 million. The confiscated items include computer equipment, several cars such as Tesla and Mercedes, and 5 million Ukrainian hryvnia, or nearly $185,000, in cash.

Ukraine Police said in a statement on Wednesday, “The hacker group was exposed by officers of the Cyberpolice Department together with the Main Investigation Department of the National Police. The perpetrators were exposed as part of an international operation to promote and coordinate Interpol (IGCI), and together with law enforcement officials from the Republic of Korea and the United States.”

“It was established that six defendants carried out attacks of malicious software such as "Ransomware" on the servers of American and Korean companies. For deciphering the data, they demanded a "ransom", and in case of non-payment, they threatened to disclose the confidential data of the victims,” it added.

Attacks first began in February 2019

The police also elaborated that these attacks by ‘Clop’ first began in February 2019, when the victims included four Korean companies and the hackers encrypted 810 internal services and personal computers. As per the TechCrunch report, Clop, often styled as “Cl0p”, has been linked to a range of high-profile ransomware attacks, with targets including the United States pharmaceutical giant ExecuPharm in April 2020 and Korean e-commerce giant E-Land in November. The police also said, “In 2021, the suspects carried out an attack and encrypted personal data of employees and financial reports of Stanford University Medical School, the University of Maryland and the University of California.”
