Ukrainian police said on Wednesday they had arrested hackers behind a large ransomware gang.
The arrest marks the first time a law enforcement agency has announced the mass arrest of a prolific hacker group who extorted Americans by encrypting an organization’s files or threatening to disclose them to the public.
The gang, known as Cl0p, hacked into a number of US targets, including the University of Miami, Florida, Stanford University, the University of Maryland and the University of Colorado, demanding payment either to keep the victims' systems functional or to refrain from publishing documents it may have stolen.
The arrests come as ransomware has grown from a quietly ubiquitous cybersecurity issue to a widely discussed national security issue, thanks to a series of high-profile attacks that have threatened to cripple some U.S. supply chains.
Ukraine’s announcement coincided with President Joe Biden’s meeting with Russian President Vladimir Putin in Geneva. Biden is expected to pressure Putin to take action against hackers who operate with impunity inside Russia’s borders.
Ransomware has become a big problem in the United States. Recent ransomware attacks briefly hampered the Colonial Pipeline, shutting down the country’s largest fuel pipeline for five days, and JBS, one of the country’s largest meat suppliers.
The majority of the most prolific ransomware gangs are believed to operate in Eastern Europe, and Russia in particular.
Ukrainian cyber police said they had arrested six people involved in Cl0p and seized a number of computers, cars and around 5 million Ukrainian hryvnias ($185,000) in cash.
A video released by Ukrainian authorities showed heavily armed officers descending on what appeared to be residences and grabbing everything from stacks of cash and computers to luxury cars.
While Cl0p is not the most prolific ransomware gang, it has still hacked dozens of targets, mostly in the United States and South Korea, since it became operational in the summer of 2020, said Allan Liska, a ransomware analyst at cybersecurity firm Recorded Future.
“Although they were not considered to be a major player in ransomware, their methods were quite sophisticated,” he said.