Clop ransomware suspects busted in Ukraine, money and motors seized

The 5-minute video is well worth watching.

You don’t need to be fluent in Ukrainian to understand the shouted command: “Open up, Police!”

There’s a moment of indecision, with the camera lingering on the sort of front door that looks a bit more rugged than yours or mine, during which you’re left wondering, “What happens if the suspects simply lie low and refuse to open the door?”

That question is answered when a burly copper steps up with a gasoline-powered cutting tool (what a gamer might called a BFG, short for Big Fearsome Grinder) and pulls enthusiastically on the starting cord to fire it up…

…at which point the door opens outwards, slowly and tentatively, and the raid is ON!

(At another property raid shown in the video, the suspects didn’t open up, and you get to see the BFG used to good effect against a reinforced door.)

According to the Ukrainian police, law enforcement officers conducted 21 searches in the capital and Kyiv region.

The video shows piles of cash being counted, bagged, logged and seized by police officers, along with laptops and desktops (many shown running the latest version of macOS, if you’ve ever wondered what computing devices a discerning alleged ransomware criminal might choose), dozens of mobile phones and several flash motors.

We saw a high-end Tesla, an AMG 63 and other vehicles getting hoisted onto tow-trucks for removal.

We didn’t know whether to expect to see a lot of cash, given that ransomware crooks take payment in cryptocurrency; nevertheless, the total seized was said by the police to be UAH5,000,000, which comes out at about $200,000.

Law enforcement officers from the South Korean police can be seen in the raid, acting in what looked like the capacity of observers, presumably because four Korean companies were listed by the Ukranian police as victims in this case.

US law enforcement was also involved, with the Ukrainian report confirming that “[in] 2021, the defendants attacked and encrypted the personal data of employees and financial reports of Stanford University Medical School, the University of Maryland and the University of California.”

In other words, international co-operation can lead to suspects in cross-border cybercrimes being arrested and charged locally for attacks conducted against organisations overseas.

Here’s how the raids went down, because we know you want to watch what happened: