Authorities bust Eastern European group responsible for hacking American universities
Ailan Evans, DCNF
Ukrainian police Wednesday arrested six members of a cyber criminal ring known for carrying out ransomware attacks on American universities.
The group, known as CLOP, extorted victims by encrypting sensitive media data, such as pictures, videos and music, with a proprietary ransomware virus, according to a statement by Ukrainian police. They then demanded money to restore access to the data, threatening to publish it if they did not receive payment.
“The CLOP operation has been used to disrupt and extort organizations globally in a variety of sectors including telecommunications, pharmaceuticals, oil and gas, aerospace, and technology,” John Hultquist, vice president at cybersecurity firm Mandiant, told TechCrunch.
The group previously hacked several American universities such as Stanford University and the University of Maryland, encrypting personal data and financial records, according to the statement. The group’s attacks differ from conventional ransomware attacks by infecting the entire computer network of certain institutions, affecting every computer connected to the network.
Though it is unclear how police were able to identify the hackers, Ukrainian authorities say the investigation was conducted with the help of law enforcement officials from the U.S., South Korea, and Interpol. The damages caused by the hackers total $500 million.
The arrests follow a series of ransomware attacks on American infrastructure and supply chains, with the attack on meat packer JBS earlier this month and the shutdown of the Colonial Pipeline in May. The FBI attributed both attacks to Eastern European ransomware syndicates.
Moreover, the announcement comes as President Joe Biden discussed cybersecurity concerns with Russian President Vladimir Putin on Wednesday in Geneva, Switzerland. The leaders sought to establish common rules and procedures to respond to ransomware attacks and work together to address the cybersecurity threat.
“We agreed to task experts of both our countries to work on specific understandings about what’s off limits and follow up on specific cases that originate in other countries, in either of our countries,” Biden told reporters Wednesday, The Hill reported.
Ransomware attacks have doubled over the past five years, according to cybersecurity company BlackFog.