Ukrainian police have dealt a serious blow to the ransomware gang behind the cyberattacks in the U.S. transportation and logistics sector — including the trailer maker Utility and rail operator CSX — arresting six alleged members of Clop and seizing cash, computers and cars.
The National Police of Ukraine said Wednesday it made the arrests as part of an operation with U.S. and South Korean law enforcement and Interpol. Beyond nabbing the alleged cybercriminals, police said they shut down the infrastructure used to stage the attacks.
Clop’s attacks have cost its victims about $500 million, police said. The hackers targeted companies across the world and publicly acknowledged many of their attacks through a leak site. They extorted companies through the initial attacks and the threat of leaking stolen data.
The ransomware gang attempted to extort California-based Utility Trailer Manufacturing in May by leaking 5 gigabytes of stolen data to the dark web. In March, Clop took a similar approach with CSX Corp. (NASDAQ:CSX), leaking data that included personal information about current and former employees.
Clop also targeted Canadian fuel distributor Parkland. In addition, it claimed that it attacked Canadian trucking firm Boutin Express and Minnesota truck dealership Allstate Peterbilt, though neither company responded to requests for comment about the apparent attacks.
It’s unclear if the operation, which included 21 raids in Ukraine’s capital, Kyiv, succeeded in shutting down Clop. The group’s dark web leak site was still online as of Wednesday morning.
The operation comes as international law enforcement turns up the heat on the criminals behind ransomware attacks. Last week, the U.S. Department of Justice announced it had seized most of the ransom paid to members of DarkSide by Colonial Pipeline.