{
	"id": "50e9ca66-d649-4b49-b474-49088fa4be07",
	"created_at": "2026-04-06T03:35:55.355256Z",
	"updated_at": "2026-04-10T03:21:58.956648Z",
	"deleted_at": null,
	"sha1_hash": "86ec40f4eff55d23d9501b0572eaaf9dcb88227a",
	"title": "Ukraine arrests Clop ransomware gang members, seizes servers",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 2344862,
	"plain_text": "Ukraine arrests Clop ransomware gang members, seizes servers\r\nBy Sergiu Gatlan\r\nPublished: 2021-06-16 · Archived: 2026-04-06 02:59:10 UTC\r\nUkrainian law enforcement arrested cybercriminals associated with the Clop ransomware gang and shut down infrastructure\r\nused in attacks targeting victims worldwide since at least 2019.\r\nAccording to the Cyberpolice Department of the National Police of Ukraine the ransomware group is behind total financial\r\ndamages of roughly $500 million.\r\n\"Together, law enforcement has managed to shut down the infrastructure from which the virus spreads and block channels\r\nfor legalizing criminally acquired cryptocurrencies,\" Ukrainian authorities said.\r\nhttps://www.bleepingcomputer.com/news/security/ukraine-arrests-clop-ransomware-gang-members-seizes-servers/\r\nPage 1 of 4\n\n\"Law enforcement officers conducted 21 searches in the capital and Kyiv region, in the homes of the defendants, and in their\r\ncars.\"\r\n\"The defendants face up to eight years in prison. Investigative actions continue. 
Procedural guidance is provided by the\r\nOffice of the Prosecutor General of Ukraine.\"\r\nBased on Ukrainian police's press release, it is not yet clear if the arrested individuals are affiliates or core members of the\r\nransomware operation.\r\nThe cybercriminals were arrested following an international operation in conjunction with law enforcement officers from the\r\nUnited States and the Republic of Korea.\r\nCybersecurity company Intel 471 told BleepingComputer that the Ukrainian authorities arrested only individuals involved in\r\nlaundering money for the Clop gang since its core members are likely out of harm's way in Russia.\r\n\"The law enforcement raids in Ukraine associated with CLOP ransomware were limited to the cash-out/money laundering\r\nside of CLOP's business only,\" Intel 471 said.\r\n\"We do not believe that any core actors behind CLOP were apprehended and we believe they are probably living in Russia.\r\n\"The overall impact to CLOP is expected to be minor although this law enforcement attention may result in the CLOP brand\r\ngetting abandoned as we've recently seen with other ransomware groups like DarkSide and Babuk.\"\r\nClop ransomware operation's previous activity\r\nIn addition to encrypting attacks, the Clop ransomware gang was linked to the recent wave of Accellion data breaches which\r\nled to a drastic increase in average ransom payments calculated for the first three months of 2021.\r\nWhile as part of regular ransomware attacks the victims' data is encrypted, Clop's attacks did not encrypt a single byte but\r\ninstead exfiltrated large amounts of data from high-profile companies that used Accellion's legacy File Transfer Appliance\r\n(FTA).\r\nThe gang used the stolen data as leverage to extort the compromised companies with high ransom demands.\r\nStarting with January, BleepingComputer reported Clop attacks abusing Accellion to breach:\r\nenergy giant Shell, 
cybersecurity firm Qualys,\r\nsupermarket giant Kroger,\r\nthe Reserve Bank of New Zealand,\r\nSingtel,\r\nthe Australian Securities and Investments Commission (ASIC),\r\nthe Office of the Washington State Auditor (\"SAO\"),\r\nas well as multiple universities and other organizations.\r\nClop also claimed to have stolen 2 million credit cards from Korean retailer E-Land's servers using point-of-sale (POS)\r\nmalware before deploying ransomware on their network one year later, in November 2020.\r\nPreviously, Clop ransomware was behind attacks on Maastricht University, Software AG IT, ExecuPharm, and Indiabulls.\r\nClop's Tor payment site and data leak site are still operational, so it looks like the Clop ransomware operation has not been\r\ncompletely shut down at this time.\r\nBleepingComputer has reached out to the FBI for comment on their involvement in the investigation but had not heard back\r\nat the time of this publication.\r\nSource: https://www.bleepingcomputer.com/news/security/ukraine-arrests-clop-ransomware-gang-members-seizes-servers/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/ukraine-arrests-clop-ransomware-gang-members-seizes-servers/"
	],
	"report_names": [
		"ukraine-arrests-clop-ransomware-gang-members-seizes-servers"
	],
	"threat_actors": [],
	"ts_created_at": 1775446555,
	"ts_updated_at": 1775791318,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/86ec40f4eff55d23d9501b0572eaaf9dcb88227a.pdf",
		"text": "https://archive.orkl.eu/86ec40f4eff55d23d9501b0572eaaf9dcb88227a.txt",
		"img": "https://archive.orkl.eu/86ec40f4eff55d23d9501b0572eaaf9dcb88227a.jpg"
	}
}