The intergovernmental organization revealed that it has issued two red notices, which are international arrest warrants, among its member countries. The red notices follow the arrests made by the Ukrainian police earlier this year. The malware operators in Ukraine are accused of attacking organizations in Korea and the U.S. They work by cutting off access to computer files and networks and demanding ransoms in order to restore regular functions. Read on to learn more about the CL0P ransomware group and the details of INTERPOL’s Operation Cyclone.
Who is CL0P Ransomware Group?
CL0P ransomware group is a Russian-language cybercrime gang that infects its targets with ransomware. So far, the group has moved over $500 million from ransomware-related operations. It is also known to name and shame victims on a Tor leak site. INTERPOL said that the group targets key infrastructure “such as transportation and logistics, education, manufacturing, energy, financial, aerospace, telecommunications, healthcare and high-tech sectors worldwide.” In July this year, the group targeted Jones Day, a famous American law firm. The six persons arrested in Ukraine are suspected to belong to CL0P ransomware group. They could face up to eight years in prison if convicted.
Details of Operation Cyclone
According to INTERPOL’s announcement, Operation Cyclone was coordinated at the organization’s Cyber Fusion Centre in Singapore. Here, stakeholders used INTERPOL’s global network and resources to “share intelligence in an interactive and secure environment.” Ukrainian police used this intelligence to “search more than 20 houses, businesses, and vehicles, confiscate property and computers, and seize $185,000 in cash assets, as well as to make the six arrests.” Several private organizations and cybersecurity research firms assisted Operation Cyclone through INTERPOL’s Gateway project. Gateway facilitates law enforcement and private industry partnerships that focus on gathering threat data from multiple sources. This enables law enforcement to prevent attacks. The private partners mentioned include Trend Micro, CDI, Kaspersky Lab, Palo Alto Networks, Fortinet, and Group-IB. INTERPOL stated that the operation continues to provide evidence for further investigations. It is also allowing the international police community to thwart efforts to launder cryptocurrency. Craig Jones, INTERPOL’s Director of Cybercrime, said, “Despite spiraling global ransomware attacks, this police-private sector coalition saw one of global law enforcement’s first online criminal gang arrests, which sends a powerful message to ransomware criminals, that no matter where they hide in cyberspace, we will pursue them relentlessly.” Furthermore, two Korea-based cyber threat companies assisted the investigation by providing INTERPOL with “valuable dark web data analysis throughout the operation.”