Security News

Ukrainian police have carried out nearly two dozen raids targeting alleged associates of a Russian-speaking ransomware gang they blamed for a half billion dollars in cyberattacks and extortion that hit the United States and South Korea especially hard. A police statement on Wednesday said 21 raids were conducted on the homes of suspects affiliated with the Clop ransomware syndicate in Kyiv and elsewhere, with computer equipment and about 5 million hryvnia in cash seized.

Ukrainian law enforcement officials on Wednesday announced the arrest of the Clop ransomware gang, adding it disrupted the infrastructure employed in attacks targeting victims worldwide since at least 2019. The ransomware attacks amount to $500 million in monetary damages, the National Police said, noting that "law enforcement has managed to shut down the infrastructure from which the virus spreads and block channels for legalizing criminally acquired cryptocurrencies."

You don't need to be fluent in Ukrainian to understand the shouted command: "Open up, Police!". At which point the door opens outwards, slowly and tentatively, and the raid is ON! According to the Ukrainian police, law enforcement officers conducted 21 searches in the capital and Kyiv region.

Ukrainian police have arrested six people, alleged to be members of the notorious Clop ransomware gang, seizing cash, cars - and a number of Apple Mac laptops and desktops. The six suspects were arrested in joint raids carried out with South Korean law enforcement authorities earlier today, cops in Ukraine said.

Ukrainian law enforcement arrested cybercriminals associated with the Clop ransomware gang and shut down infrastructure used in attacks targeting victims worldwide since at least 2019. Cybersecurity company Intel 471 told BleepingComputer that the Ukrainian authorities arrested only individuals involved in laundering money for the Clop gang since its core members are likely out of harm's way in Russia.

The agency said it had linked the attack to "one of the hacker spy groups from the Russian Federation." The incident was described as a supply chain attack and compared to the NotPetya attack of 2017 and the recently disclosed SolarWinds incident. Another press release, issued on Monday, said the NCCC had been seeing "massive DDoS attacks" since February 18.

Ukraine is formally pointing fingers at Russian hackers for hacking into one of its government systems and attempting to plant and distribute malicious documents that would install malware on target systems of public authorities. "The purpose of the attack was the mass contamination of information resources of public authorities, as this system is used for the circulation of documents in most public authorities," the National Security and Defense Council of Ukraine said in a statement published on Wednesday.

The National Security and Defense Council of Ukraine is accusing threat actors located on Russian networks of performing DDoS attacks on Ukrainian government websites since February 18th. The National Coordination Center for Cybersecurity at the NSDC states that these DDoS attacks have been massive and have targeted government websites in the defense and security sector. While Ukraine did not directly accuse Russia of the denial of service attacks, it stated that the attackers' IP addresses were located on Russian networks.

According to a report from radio station France Inter, numerous cybercriminals connected to the Egregor ransomware gang have recently been arrested. Since Tuesday [last week], police in the two countries have been working together in an effort to dismantle a cybercrime group suspected of initiating hundreds of ransomware attacks dating back to September 2020. Police arrested a number of hackers suspected of working with the Egregor cybercrime gang, providing hacking, logistical, and financial support.

"Sanixer said Collection #1 consists of data pulled from a huge number of hacked sites, and was not exactly his 'freshest' offering. Rather, he sort of steered me away from that archive, suggesting that - unlike most of his other wares - Collection #1 was at least 2-3 years old. His other password packages, which he said are not all pictured in the above screen shot and total more than 4 terabytes in size, are less than a year old, Sanixer explained." That's because in nearly all cases, the person who is in control of that email address can reset the password of any services or accounts tied to that email address - merely by requesting a password reset link via email.