By: Editorial Staff, Date: June 29th, 2021
In what is believed to be the first time that a national law enforcement agency conducted mass arrests targeting a ransomware group, the National Police of Ukraine recently arrested six individuals alleged to be members of the notorious Clop ransomware gang. Despite these arrests, though, Clop remains in operation and has responded to the arrests by doxing two new victims.
Doxing is one of the many strong-arm tactics that ransomware operations can use to leverage money out of the organizations that they target. If the ransom money being demanded isn’t paid, doxing
punishes the victim of the ransomware attack by publishing their sensitive information online for all the world to see. While the Clop ransomware gang did go silent for a while following the Ukrainian arrests, they have now published confidential data from an architect’s office and a farm equipment retailer.
Although neither of the group’s latest victims has made any public comments about their information being exposed, it is strongly believed that they were both the target of a ransomware attack from the Clop ransomware gang. This unfortunate turn of events serves as a troubling sign that recent arrests have done little to slow down the gang’s operations.
In a quote, cybersecurity firm Intel 471 said, “We do not believe that any core actors behind Clop were apprehended. The overall impact to Clop is expected to be minor, although this law enforcement attention may result in the Clop brand getting abandoned as we’ve recently seen with other ransomware groups like DarkSide and Babuk.”
As the frequency of ransomware attacks continues to rise, so does the creativity of the criminals employing these attacks. Doxing is just the latest example of a serious threat that such criminals can use in order to convince their targets to pay the demanded ransom. Moving forward, though, we are likely to see ransomware attacks that are given teeth through the threat of doxing become all the more common.