The cyber ransomware group Clop, which was arrested last week as part of an international law enforcement operation, also operated a money-laundering service used by other cybercriminal groups.
According to the cryptocurrency exchange Binance, the group was engaged in both cyberattacks and “risky exchanges”, laundering funds for themselves and for other cybercriminals. In total, Clop laundered more than $ 500 million in cryptocurrency received as ransom payments from victims of Clop and Petya ransomware. In addition, the group, which Binance tracked as FancyCat, laundered millions of dollars from other types of cybercrimes.
The cryptocurrency exchange Binance, registered in the Cayman Islands, together with the analytical companies TRM Labs and Crystal (BitFury), discovered the existence of the group, collected all possible data about it and handed it over to law enforcement agencies. According to representatives of the exchange, this information contributed to the further arrests of members of the group.
According to Ukrainian police, six members of the Clop were arrested last week in Kiev and the region. Although law enforcement officials claim that those arrested are the Clop group itself, according to Binance, they are just “pawns” in its operations. This explains why, after the arrests, Clop’s attacks are still ongoing . For example, the group’s leaks site is still active, and on June 22 (six days after the arrests), information about a new victim appeared on it.
Catch up on more articles here
Follow us on Twitter here