Distributed to 4 Domestic Universities and Companies
Joint Investigation by South Korea, USA, Ukraine + Interpol
4 Arrested Including Ukrainian National Mastermind

Overview of Clop Ransomware Crime. [Source: National Police Agency]



[Asia Economy Reporter Lee Gwan-ju] An international criminal organization that spread the 'Clop ransomware,' which paralyzes computer system files by changing their extensions to 'clop' and then demands ransom by holding them hostage, has been identified through a joint investigation by South Korea, the United States, Ukraine, and the International Criminal Police Organization (ICPO/Interpol).


The Cyber Investigation Division of the National Police Agency's National Investigation Headquarters announced on the 15th that four individuals, including the money laundering mastermind of the international ransomware criminal organization that distributed Clop ransomware to domestic universities and companies and extorted money, have been booked on charges of violating the Information and Communications Network Act, the Act on the Aggravated Punishment of Specific Crimes (Money Laundering), and extortion.


They are suspected of distributing Clop ransomware to four domestic universities and companies in February 2019, encrypting 720 major systems where information assets related to academic operations, manufacturing and distribution, and equipment design were stored and operated, causing disruptions, and then extorting 65 bitcoins (410 million KRW, approximately 4.5 billion KRW at current market prices) as ransom to decrypt the files.


They collected information in advance on universities and small to medium-sized enterprises with relatively weak security levels, then sent targeted malicious emails disguised as work-related messages to administrators to get them to open the emails, thereby infiltrating internal computer networks. Subsequently, they took control of the central management system by exploiting software security vulnerabilities and infected it with Clop ransomware to demand virtual assets.


Immediately after the incident, the Korean police conducted over 80 international cooperation efforts with 20 countries based on analysis of the distributed malicious programs, intrusion and remote control attack tools, and computer network intrusion methods, tracking clues such as emails and control/distribution servers. Notably, confirming that Clop ransomware was spreading worldwide, they launched 'Operation Cyclone' with Interpol, involving law enforcement agencies from 18 countries.


A joint investigation team conducting a search and seizure of a suspect on site in Ukraine. [Photo by National Police Agency]



After more than two years of tracking, Korean police identified nine foreign suspects who ultimately received the virtual assets paid by the victim companies by tracing the virtual assets backward. In February this year, Korean and Ukrainian police confirmed the whereabouts of three Ukrainian suspects and began a joint investigation in June. This joint investigation involved over 80 investigators from South Korea, Ukraine, and the United States, who conducted raids on 21 locations including the residences of three suspects identified by Korean police and three related individuals confirmed by Ukrainian police, resulting in the arrest of six individuals.


Korean police booked three Ukrainian nationals suspected of conspiring with hackers to launder money and one additional foreign national identified through analysis of seized evidence on charges of violating the Act on the Aggravated Punishment of Specific Crimes (Money Laundering). Among them, arrest warrants were issued for two money laundering masterminds, and Interpol was requested to issue red notices.


The police plan to announce the investigation results at the '2021 International Cybercrime Response Symposium' held from the 18th to the 22nd and share them with international police organizations such as Interpol and Europol, as well as law enforcement agencies worldwide.



A National Police Agency official stated, "This case is very significant as it is the first instance of arresting money laundering suspects through joint investigations with foreign countries. We will continue to confirm the charges against the remaining suspects involved in money laundering through ongoing international cooperation and further investigate the hackers who commissioned the money laundering and actually created and distributed the Clop ransomware until their identities are fully revealed."


This content was produced with the assistance of AI translation services.

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
