Ukrainian police said on June 16 that it detained a group of hackers blamed for ransomware attacks that cost its victims — South Korean and U.S. firms — over $500 million. The criminals face up to eight years in prison for violating computer crime and money-laundering laws.
After two dozen raids in and around Kyiv, police arrested six gang members linked to the ransomware cartel Clop. During the searches at the homes of the criminals, law enforcement officers from Ukraine, South Korea and the U.S. seized computer equipment, several cars, including a Tesla and a Mercedes, and about $185,000 in cash.
According to the police, hackers attacked four South Korean companies in 2019 and major U.S. universities, including Stanford University, University of Maryland and University of California, in 2021. The gang demanded ransom in cryptocurrency in exchange for victims’ stolen data. To get this data, hackers sent malware-infected phishing emails to the companies’ employees, the police said.
The video shows one of the police raids conducted at the home of a hacker linked to the ransomware cartel Clop. During two dozen raids, law enforcement officers seized computer equipment, several cars, including Tesla and Mercedes, and about $185,000 in cash.
Although Clop is not “a top-tier ransomware” group, the methods it used to attack foreign companies are “fairly sophisticated,” according to Allan Liska, a ransomware analyst at the U.S. cybersecurity company Recorded Future. The Ukrainian police said that it managed to shut down the infrastructure the gang had used to launch its previous attacks.
The news about the arrest of notorious cyber criminals spread quickly across the globe: the major media outlets in the U.S. and Europe, including the Washington Post, Financial Times and BBC, reported it.
According to them, it was the first time a national police force had carried out mass raids on a ransomware cartel, “adding to pressure on other countries to follow suit.”
Governments around the world are trying to curb the growing number of ransomware attacks that in recent years have turned into a business. Hackers, usually based in Eastern Europe, target foreign businesses, universities, government agencies and even critical infrastructure like hospitals and gas stations.
In May, for example, they broke into the email service of the U.S. Agency for International Development and sent phishing emails to 3,000 employees of human rights groups, nonprofits and think tanks around the world. Another ransomware attack temporarily crippled one of the U.S.’s largest fuel pipelines, Colonial Pipeline. In June, Russia-linked hackers targeted the world’s largest meat processing company JBS, affecting thousands of workers and the company’s global supply chain.
Ransomware crime has existed for decades, but countries still don’t know how to negotiate with hackers. The U.S. FBI said that hacked businesses shouldn’t pay the ransom, while many ransomware negotiators claim that it depends on the sensitivity of the stolen information.
Although ransomware attacks are not frequently reported in Ukraine, the country is among the regions with the highest number of malware encounters in Eastern Europe, according to the data shared with the Kyiv Post by Microsoft Ukraine. In the last 30 days, Microsoft detected over 1.4 million infected devices in Ukraine, compared to 810,000 in Poland, 506,000 in Romania and 345,000 in Belarus.
Ukrainian experts said that Ukraine is not fully prepared to deter cyberattacks that usually target critical infrastructure (like transport, telecommunication and public health), courts, armed forces and state services like the Cabinet of Ministers or the President’s office.