The Clop ransomware returned after the recent arrests of gang members and began reporting new victims at its data leak site.
Last week, Ukrainian police, along with the Korean National Police Service and the United States, arrested members of the Clop gang.
Learn more: Ukraine arrests members of Clop ransomware gang
A video shared by Ukrainian police shows authorities searching homes and seizing 500 million Ukrainian hryvnias (about $ 180.000), computer equipment, documents and expensive cars (Tesla, Mercedes etc).
In a press release, Ukrainian police described the arrests as one major blow to Clop ransomware gang operations.
"Law enforcement managed to shut down the infrastructure from which the virus spreads and blocked channels for the legalization of illegally acquired cryptocurrencies" he said.
Clop ransomware returns
However, it seems that the Clop ransomware gang took action again after it published data of two young victims stolen at the data leak site it handles.
The cybersecurity company Intel 471 He said the gang was continuing operations despite the arrests of some members, because the arrests mainly targeted the money laundering department of the company, while most likely the key members of the group were not arrested.
"We do not believe that key members of the CLOP ransomware group have been arrested and we believe that they may be living in Russia".
Since this group has caught the attention of the authorities, it is possible that it will disappear for a while and appear under another name.
The Clop team seems to be back quickly, but police authorities have managed to crack down on many ransomware gangs this year, targeting partners and infrastructure.
Earlier this year, Bulgarian police seized servers belonging to the gang behind the Netwalker ransomware and the Ukrainian police arrested its members Egregor Group ransomware.
Also, the FBI arrested his developer TrickBot trojan, which helped to develop a new ransomware business.
A few words about the team
The ransomware gang Clop has been operating since March 2019. It started targeting businesses with a variation of CryptoMix ransomware.
Typically, hackers gain access to a corporate computer and then slowly spread across the network, stealing data and documents. After collecting all the valuable data, they deploy ransomware on the network to encrypt its devices.
The Clop ransomware gang has been linked to attacks on Maastricht University, Software AG IT, ExecuPharm and Indiabulls.
Ukrainian police estimate that the total losses associated with Clop ransomware amount to $ 500 million.
Source: Bleeping Computer