Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Clop gang members recently arrested laundered over $500M in payments

The Clop ransomware members that were recently arrested laundered over $500M in ransomware payments for several malicious actors. The members of the Clop ransomware gang that were recently arrested in Ukraine laundered over $500M for several cybercrime groups. Data related to the money laundering activities were provided by the cryptocurrency exchange portal Binance, who tracked the group as […]

Clop gang members recently arrested laundered over $500M in payments

The Clop ransomware members that were recently arrested laundered over $500M in ransomware payments for several malicious actors.

The members of the Clop ransomware gang that were recently arrested in Ukraine laundered over $500M for several cybercrime groups.

Data related to the money laundering activities were provided by the cryptocurrency exchange portal Binance, who tracked the group as FancyCat, the funds resulted from the operations of Clop and Petya ransomware.

The funds were laundered investing in multiple forms of cybercrimes.

Binance investigated the transactions associated with the threat actors with the help of blockchain analysis firms TRM Labs and Crystal (BitFury).

The experts shared their findings with the law enforcement that arrested six members of the Clop/FancyCat group.

“More recently Binance Security has been taking part in an international investigation with Ukraine Cyber Police, Cyber Bureau of Korean National Police Agency, US Law Enforcement, Spanish Civil Guard, and Swiss Federal Office of Police, among others, in apprehending a prolific cybercriminal ring. The group — also known as FANCYCAT — has been running multiple criminal activities: distributing cyber attacks; operating a high-risk exchanger; and laundering money from dark web operations and high-profile cyber attacks such as Cl0p and Petya ransomware.” reads the post published by Binance. “In all, FANCYCAT is responsible for over $500M worth of damages in connection with ransomware and millions more from other cybercrimes.”

According to Binance, the six individuals were not part of the core of the Clop ransomware gang, instead, they were only marginally involved in the financial activities of the group, for this reason, the operations are still active.

A few days after the operations conducted by the authorities, the ransomware gang made the headlines again by releasing the data stolen from new victims.

CLOP ransomware new victims

“We applied the two-pronged approach to the FANCYCAT investigation: our AML detection and analytics program detected suspicious activity on Binance.com and expanded the suspect cluster. Once we mapped out the complete suspect network, we worked with private sector chain analytics companies TRM Labs and Crystal (BitFury) to analyze on-chain activity and gain a better understanding of this group and its attribution.” concludes the report. “Based on our analysis we found that this specific group was not only associated with laundering Cl0p attack funds, but also with Petya and other illegally-sourced funds. This led to the identification and eventual arrest of FANCYCAT.”

Early this year Binance released a study on our first Bulletproof Exchanger Project that focused on anti-ransomware initiative. The project also involved the Ukraine Cyber Police and lead to the arrest of a major cybercriminal group laundering over $42M of illicit funds.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, ransomware)

[adrotate banner=”5″]

[adrotate banner=”13″]