Published: September 19, 2021 on our newsletter Security Fraud News & Alerts Newsletter.
First, let’s all take a moment to rejoice that a ransomware gang finally faced the law when six members of the Clop ransomware group were tossed into a jail cell in Ukraine. The arrests followed an Interpol international investigation and collaboration with law enforcement agencies in the United States and Republic of Korea. Those arrested each face up to eight years in a Ukrainian prison for now, as the investigation continues to shed light on the criminal organization.
The Ukrainian police say Clop group is behind ransomware attacks totaling close to $500 million. The arrests may be great news for the victims of ransomware everywhere, but it’s a brief celebration for one big reason – Clop’s ransomware attacks continue despite the significant efforts to shut them down. The group’s ransom payment site and the site where victim data is leaked are still operating.
The joint effort by authorities shut down the ransomware virus infrastructure and blocked the channels used to launder cryptocurrency ransom payments. It’s not currently known if those arrested were affiliates of Clop or hardcore members of the ransomware group. According to BleepingComputer, the Ukrainian forces went after those involved in money laundering for Clop since the other members were out of reach in Russia.
For victims of Clop, the gang’s way of doing business doesn’t stray from the ransomware playbook: it demands a payment in exchange for the data decryption key. But Clop also threatens to expose the confidential information of victims who choose not to pay the ransom, a tactic otherwise known as blackmail.
Since ransomware attacks can happen to any business at any time, knowing how to limit exposure to these attacks can help avoid them altogether. The best advice is not letting ransomware into a system in the first place. The options to do so start with employee cybereducation and training. A well-trained staff can avoid acting on phishing emails, a hacker favorite for installing malware on a system. When employees know what a malware attack looks like, they can also prevent it from taking root in a system.
Regular backups of system data can provide an alternative option to paying a ransom, and those backups should be kept separate from the system server. When a ransom is demanded, an organization can replace its encrypted data itself and quickly get back to business as usual. The backups should be regularly tested so they work properly when needed.
As for data being exposed, the best bet is not letting it happen in the first place by following good cybersecurity practices. So, as the fight against ransomware ramps up, there’s hope that criminal groups like Clop and others will be put out of business for good.