Ukrainian police have arrested members of a notorious ransomware gang that recently targeted American universities. The Ukraine National Police said it had worked with Interpol and the US and South Korean authorities to charge six members of the Ukraine-based Cl0p hacker group who are allegedly responsible for a half-billion-dollar cyber crimewave.
The move marks the first time that a national law enforcement agency has carried out mass arrests of a ransomware gang.
Cl0p is one of several ransomware cartels that seize a target’s data, demanding a ransom to release it. The group has also increasingly threatened to leak sensitive information online if a target refuses to pay, a tactic known as “double extortion”.
Recent targets have included oil company Shell, the University of California and Stanford University.
In most cases, the hackers exploited a vulnerability in a file transfer product run by Accellion to compromise their victims.
Earlier this year hackers disrupted the Colonial Pipeline supplying petroleum to much of the US east coast — an attack the White House has attributed to a Russian-based group.
As part of its Cl0p takedown, the Ukrainian police said that it had conducted 21 searches in the Kyiv region of the homes and cars of those arrested, seizing computer equipment, 5m Ukrainian hryvnias (around $185,000) and property.
Video footage shared by the police showed officers raiding homes in what appeared to be wealthy neighbourhoods, and towing luxury cars including Teslas.
The police also said it had “managed to shut down” some of the group’s digital infrastructure. It is unclear whether those arrested were core members of the group or affiliates.
The defendants face eight years in prison, the Ukrainian police said.
Governments are under increasing pressure to curb the activities of cyber criminals. US president Joe Biden recently attended a summit in Geneva with Russia’s president Vladimir Putin, in which both parties were expected to discuss the threat of ransomware.
Some experts allege Moscow allows ransomware criminals to operate with impunity in the country on the understanding that hackers will not target Russian-speaking organisations, and will share access with the government if called upon to do so.
Ahead of the summit, however, both Putin and Biden suggested they were open to exchanging cyber criminals.