Ukrainian authorities announced the arrest of some alleged members of the Clop ransomware group, in addition to tearing down the computer infrastructure used by this hacking group for at least two years. The specialized cybersecurity unit of the National Police of Ukraine says that the attacks of this group generated losses of up to $500 million USD.

In a press release, authorities said: “We have managed to bring down the infrastructure from which this malware is deployed, also blocking channels for money laundering through cryptocurrency transactions.” The individuals involved in the Clop ransomware operation were arrested during multiple raids and face sentences of up to eight years in prison.

While authorities claim that Clop’s infrastructure has been torn down, this hacking group’s payment platform continues to operate, so it is likely that developers will continue to operate in the future.

This operation was made possible by the collaboration of the Ukrainian police with investigative agencies in the United States and South Korea. Authorities also note that it is not yet clear whether the arrested individuals are part of Clop’s development team or whether they acted as affiliates of the ransomware-as-a-service (RaaS) platform.

Moreover, a related security report claims that Ukrainian authorities only managed to arrest a few individuals linked to money laundering operations, adding that it is highly likely that the real ransomware operators are hiding on Russian territory: “We really believe it is unlikely that any major actor behind Clop has been arrested.”, notes the Intel 471 research group report.

Clop doesn’t just operate as a RaaS platform. Recent reports indicate that the operators of this malware actively participated in the attacks against implementations of Accellion FTA, a secure file sharing service that was severely affected by various incidents in early 2021. While in these cases hackers did not encrypt the compromised files, the exposed information could be leaked in hacking forums.

Among the victims of these attacks on Accellion are public and private organizations around the world such as the security firm Qualys, the Kroger supermarket chain, the Reserve Bank of New Zealand and multiple public offices in the U.S.

For more information on hacking incidents, cybersecurity, malware attacks and security tips, feel free to access the platforms of the International Institute of Cyber Security (IICS).