Cl0p Ransomware Group Announces New Victim After Police Arrest

The renowned Cl0p ransomware operation appears to be back in business, just days after Ukrainian police arrested six alleged members of the gang. The arrests were recognized as a win against a hacker group that has targeted dozens of victims in recent months, including Flagstar Bank, Jonesday Law Firm, Shell, and a number of US universities. 

Numerous suspects believed to be affiliated with the Cl0p ransomware group were arrested last week in a law enforcement operation led by the National Police of Ukraine and officials from South Korea and the United States. It’s considered to have been the first time a national law enforcement agency has made mass arrests in connection with a ransomware attack. 

The Ukrainian authorities said at the time that they had successfully shut down the gang’s server infrastructure. However, it does not appear that the operation was entirely successful as less than a week later, the gang’s hackers posted information on their dark website that they claimed was obtained from a new victim. This new breach, intended to put pressure on the corporation to pay the money demanded by the hackers, indicates that the arrests in Ukraine have had no effect on the hackers. 

It’s unknown when the new company was hacked, and whether the data was hacked before the arrests but hadn’t been made public until now, or whether it was a whole new hack. In any case, it shows that the group is still operational in some capacity. 

In an email, Brett Callow, a security researcher at Emsisoft, who specializes in tracking ransomware, said, “The fact that data has been posted suggests that the action by the Ukrainian police may not have involved core members of the threat group or completely disrupted their operations.” 

Though the hackers did not respond to an email sent to the address listed on their website right away. In an email to Motherboard last week, the Cyber-Police Department of Ukraine’s National Police stated it had “identified six perpetrators,” but refused to address any specific questions regarding the people arrested “so as not to jeopardize the investigation.” 

The police said they searched the houses and automobiles of the alleged hackers in and around Kiev 21 times. The cops reported that they have seized 500 million Ukrainian hryvnia (approximately $180,000), as well as computers and automobiles. On Tuesday, the police did not immediately respond to an email seeking comment.

Cl0p ransomware was identified in early 2019, and it has since been tied to a number of high-profile attacks. These include the April 2020 data breach at ExecuPharm in the United States, as well as the data breach at Accellion, in which hackers exploited vulnerabilities in the IT provider’s software to steal data from dozens of customers, including the University of Colorado and cloud security firm Qualys.