Interpol, the International Criminal Police Organization, recently shared the details of the operation codenamed Cyclone. It resulted in the arrest of six persons in June this year and in two Red Notices issued by international law enforcement. The whole operation and investigation lasted 30 months under the lead of Ukraine, Korea and the US. The suspects allegedly worked on behalf of the Cl0p ransomware threat group: they facilitated the cash-out and transfer of money and made threats to victims.
Operation Cyclone was meant to stop the Cl0p ransomware hackers
Cyber security specialists first spotted Cl0p in 2019. Since then the group has targeted numerous organizations, among them the University of California and Stanford. The hackers also attacked the international law firm Jones Day, the oil company Shell and the US bank Flagstar. The group's usual method of work was to send fake emails, using stolen data to make the emails themselves look legitimate.
During the operation the Ukrainian police searched 20 houses, vehicles and businesses. Local law enforcement also confiscated computers and property. In addition, police seized USD 185,000 in cash assets. Following the arrests, Interpol sent two Red Notices to each of INTERPOL's 194 member countries, marking the subjects as internationally wanted persons. INTERPOL's Cyber Fusion Centre in Singapore coordinated the whole operation, and stakeholders shared intelligence there in an interactive environment.
“Despite spiralling global ransomware attacks, this police-private sector coalition saw one of global law enforcement’s first online criminal gang arrests, which sends a powerful message to ransomware criminals, that no matter where they hide in cyberspace, we will pursue them relentlessly,” INTERPOL’s Director of Cybercrime Craig Jones said in a statement.
If convicted on their counts, the suspects will receive eight years in prison. In recent years ransomware has started to pose a serious threat to organizations and companies around the world. Hackers keep improving their methods of work and have begun to demand whopping amounts of money. Although some ransomware operators claim not to attack critical and socially important infrastructure, those words do not look very sincere.
Ransomware hit the major fuel supplier Colonial Pipeline this summer
This summer DarkSide made global headlines when the major fuel operator Colonial Pipeline halted its operations. The hackers allegedly asked for a $4.4 million ransom payment. On the internet people shared the view that when ransomware operators make promises of ethical attacks, they are merely shielding themselves from the direct eye of the police. Does Colonial Pipeline not also count as critical infrastructure?
In any case the company allegedly paid the ransom and resumed its work after a few weeks. FinCEN (the financial crimes investigation unit of the US Treasury Department) not long ago published a report that tied an astonishing sum of $5.2 billion to ransomware payments. The published data was based on an investigation of the most common ransomware variants.