The Clop ransomware gang was the focus of a three-and-a-half-year global law enforcement operation known as ‘Operation Cyclone’.

Clop ransomware was first detected in early 2019 and has since been linked to a number of high-profile incidents, such as the breach of ExecuPharm in the United States and the data breach at Accellion, where hackers exploited flaws in the IT provider’s software to steal data from dozens of its customers, including the University of Colorado and cloud security vendor Qualys.

Ukrainian law enforcement detained members of the Clop ransomware group who were involved in laundering ransom payments.

‘Operation Cyclone’

The intercontinental operation was led by INTERPOL’s Cyber Fusion Centre in Singapore, with cooperation from Ukrainian and US law enforcement.

The global strike – codenamed Operation Cyclone – follows global police investigations into attacks against Korean companies and US academic institutions by the Cl0p ransomware threat group.

Cl0p malware operators in Ukraine allegedly attacked private and business targets in Korea and the US by blocking access to their computer files and networks, and then demanded extortionate ransoms for restoring access.

The suspects are thought to have facilitated the transfer and cash-out of assets on behalf of the ransomware group whilst also threatening to make sensitive data public if additional payments were not made.


Clop was investigated for its repeated assaults against Korean companies and US academic institutions, in which threat actors encrypted devices and extorted organizations to pay a ransom or have their stolen data revealed.

Clop launched a huge ransomware assault against E-Land Retail, a South Korean conglomerate and retail powerhouse, in December 2020, forcing the temporary closure of 23 of 50 NC Department Store and NewCore Outlet retail

Clop recently stole secret and private material from organizations and institutions by exploiting a weakness in the Accellion secure file transfer gateway. When the threat actors’ $10 million+ ransom demands were not met, they publicly disclosed personal information from students at a number of institutions and schools.

Despite spiraling global ransomware attacks, this police-private sector coalition saw one of global law enforcement’s first online criminal gang arrests, which sends a powerful message to ransomware criminals, that no matter where they hide in cyberspace, we will pursue them relentlessly.


If convicted, the six suspected Clop members face up to eight years in prison.

The six suspects are believed to be tightly linked to a Russian-language cybercriminal gang known for naming-and-shaming its victims on a Tor leak site, and for moving more than USD 500 million in funds linked to multiple ransomware activities.

Their attacks target key infrastructure, such as transportation and logistics, education, manufacturing, energy, financial, aerospace, telecommunications, healthcare and high-tech sectors worldwide.

