According to the Ukrainian police, a group of hackers used ransomware to extort money from foreign companies in the United States and South Korea. Authorities claim that the hackers encrypted stolen data using the ‘Cl0p’ ransomware and demanded payment for the decryption key. The ‘Cl0p’ ransomware organization is referred to as a ‘big game hunter’ because of the size of the targets it pursues. The gang and its members are accused of carrying out attacks against oil major Shell, US bank Flagstar, and others. ‘Cl0p’ is part of a larger conglomerate known as ‘TA505,’ and groups like ‘FIN11’ use ransomware created by the organization.
The suspects used double extortion: in addition to encrypting the data, they threatened to leak it if the victims did not pay the ransom demanded. Six suspects are alleged to have hacked 810 computers at an undisclosed South Korean firm in 2019. The gang is also accused of hacking the University of Maryland, Stanford University Medical School, and the University of California and encrypting personal data held there. For the intrusions, the threat actors used the ‘FlawedAmmyy RAT’ program.
Total damages are estimated at over $500 million, according to police. It is still unknown whether anyone was arrested during the operation, which was carried out by Ukrainian police in collaboration with US and South Korean officials. Officials further said that local cyber police were able to shut down the malware’s distribution infrastructure and block the channels used to process cryptocurrency ransom payments. The suspects’ homes and vehicles were searched in 21 raids in and around Ukraine’s capital city, ‘Kyiv’. The police seized almost $180,000 worth of cash, all of it in Ukrainian currency.
Ukrainian law enforcement has not said whether the accused are core gang members or merely affiliates; they were described only as using the malicious ‘Cl0p’ software.
– Navya Swarup
Member, Reporter’s Committee, WCSF