Wanted: cybercriminals behind global malware campaign

Interpol issues arrest warrants for Clop ransomware gang members

Interpol has issues two ‘red notice’ alerts as part of a 30-month investigation into a “global malware crime network”.

The law enforcement agency announced in a press release that the red notices – internationally wanted person alerts – have been circulated to its 194 member countries following a request made by South Korean authorities.

It relates to a major arrest in June, when six people were detained in Ukraine for their alleged involvement in a “notorious ransomware family” known as ‘Clop’.


The investigation, nicknamed ‘Operation Cyclone’, saw Ukrainian police search more than 20 houses, businesses, and vehicles, confiscate property and computers, seize $185,000 in cash assets, and make the six arrests.

Those arrested were reported to have facilitated the transfer and cash-out of assets on behalf of the ransomware group whilst also threatening to make sensitive data public if additional payments were not made.

“Clop malware operators in Ukraine allegedly attacked private and business targets in Korea and the US by blocking access to their computer files and networks, and then demanded extortionate ransoms for restoring access,” Interpol said.

A screenshot from a video showing the arrest of the six individuals

Read more of the latest cybercrime news

If convicted, the suspects face up to eight years in prison.

Interpol continued: “The six suspects are believed to be tightly linked to a Russian-language cybercriminal gang known for naming-and-shaming its victims on a Tor leak site, and for moving more than $500 million in funds linked to multiple ransomware activities.

“Their attacks target key infrastructure, such as transportation and logistics, education, manufacturing, energy, financial, aerospace, telecommunications, healthcare, and high-tech sectors worldwide.”

DON’T MISS Ransomware cybercriminals linked to Norsk Hydro attack fall prey to Europol swoop