Ukraine police seize cash in raids on major ransomware gang

Jun 16, 2021, 3:13 PM | Updated: 5:05 pm

MOSCOW (AP) — Ukrainian police have carried out nearly two dozen raids targeting alleged associates of a Russian-speaking ransomware gang they blamed for a half billion dollars in cyberattacks and extortion that hit the United States and South Korea especially hard.

A police statement on Wednesday said 21 raids were conducted on the homes of suspects affiliated with the Clop ransomware syndicate in Kyiv and elsewhere, with computer equipment and about 5 million hryvnia ($185,000) in cash seized.

Six defendants carried out attacks on U.S. and Korean companies — for which they face up to eight years in prison for violating computer crime and money-laundering laws, the statement said. It did not say whether any suspects were detained, and said the investigation was ongoing. The Clop dark web leak site remained online hours after the raids were announced, suggesting the gang’s internet infrastructure might still be intact.

The most potent ransomware gangs operate with Kremlin tolerance, based out of reach of Western law enforcement. Russia neither prosecutes nor extradites them. Trying to persuade its president, Vladimir Putin, to change that was a priority of U.S. President Joe Biden in their meeting Wednesday in Geneva. It’s not clear whether Biden made any headway.

Video posted by the Ukrainian police showed Korean police taking part in this week’s raids, where cash, cell phones and cars were also seized. The police statement said four Korean companies hit by the gang with the ransomware — which scrambles data that can only be unlocked with a software key obtained by paying the criminals — had paid ransoms. It said the gang targeted U.S. universities, including Stanford Medical School and the University of Maryland.

Wednesday’s raid “is a continuation of the much more aggressive posture that law enforcement has taken against ransomware gangs this year,” said analyst Allan Liska of the cybersecurity firm Recorded Future. “It really does feel like law enforcement has figured out how to attack the ransomware scourge, and hopefully, will slow down the attacks.”

After last month’s attack on the Colonial Pipeline affected fuel shipments to the U.S. East Coast, the White House began taking ransomware criminals as seriously as it does terrorists, and many are now lying low. The author of the Colonial attack went into hiding and a different group, Avaddon, suddenly announced its retirement. Cybersecurity analysts caution, however, that such retirements are not new and can be a ruse to thwart law enforcement while the criminals reconstitute and create new products with different brands.

And while some arrests have been made and ransomware infrastructure disabled in recent months, no kingpins have been snared.

Clop is among the more prolific ransomware gangs, known for extorting victims by threatening to publish data stolen from them. It has published the names of 65 victims to its dark web extortion site since August, said Liska.

In some cases, Clop has extorted victims with data it may not have obtained directly but purchased instead from third party cyberthieves. It’s what security researchers suspect happened in the case of the Universities of Colorado and Miami, the rail transport company CSX Corporation, the Kroger grocery and pharmacy chain, the Canadian aircraft maker Bombardier and the prominent law firm Jones Day. That data was stolen in the hack of a software tool made by the California firm Accellion, used to manage large email attachments.

___

Bajak reported from Boston.

Copyright © The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.
