Ukrainian police have raided the headquarters of the notorious Cl0p ransomware gang, seizing computer hardware used in its operations along with the equivalent of $184,000, which is most likely ransom money.
According to Cybernews, the group has attacked several high-profile targets, mostly in the US and South Korea, including the Stanford University Medical School, the University of Maryland, and the University of California.
Cl0p was also reportedly adept at running a ransomware-as-a-service operation and had collaborated with other cybercriminal groups, especially when going after bigger targets such as oil giant Shell and the American Flagstar Bank.
According to reports, Ukrainian law enforcement stated that the suspects it rounded up during the raids were using the Cl0p ransomware, though it did not disclose whether they were members or only affiliates of the gang.
Ransomware attacks have long been a threat for any large-scale network, though the frequency of the attacks has arguably increased during the pandemic, as businesses relax the protections around their corporate networks in order to facilitate remote working.
Oliver Tavakoli, CTO at cybersecurity company Vectra AI, believes that such law enforcement actions can eventually help shrink the ransomware ecosystem, since the increased likelihood of repercussions will discourage criminals from the business of ransomware.
“When periodic disruptions occur in the supply chain of ransomware and sometimes ransoms are reclaimed (as the FBI recently did with some of the Colonial Pipeline ransom payments), the business of ransomware itself becomes less lucrative and less people are drawn into it,” says Tavakoli.
Ukraine’s action could have geopolitical ramifications as well. With Ukraine-Russia relations at an all-time low, the arrests come even as Russia continues to drag its feet on disrupting ransomware groups operating within its jurisdiction, such as the one that is thought to be behind the Colonial Pipeline attack.