The Clop ransomware members that were recently arrested laundered over $500M in ransomware payments for several malicious actors.
The members of the Clop ransomware gang that were recently arrested in Ukraine laundered over $500M for several cybercrime groups.
Data related to the money laundering activities were provided by the cryptocurrency exchange portal Binance, who tracked the group as FancyCat, the funds resulted from the operations of Clop and Petya ransomware.
The funds were laundered investing in multiple forms of cybercrimes.
Binance investigated the transactions associated with the threat actors with the help of blockchain analysis firms TRM Labs and Crystal (BitFury).
The experts shared their findings with the law enforcement that arrested six members of the Clop/FancyCat group.
“More recently Binance Security has been taking part in an international investigation with Ukraine Cyber Police, Cyber Bureau of Korean National Police Agency, US Law Enforcement, Spanish Civil Guard, and Swiss Federal Office of Police, among others, in apprehending a prolific cybercriminal ring. The group — also known as FANCYCAT — has been running multiple criminal activities: distributing cyber attacks; operating a high-risk exchanger; and laundering money from dark web operations and high-profile cyber attacks such as Cl0p and Petya ransomware.” reads the post published by Binance. “In all, FANCYCAT is responsible for over $500M worth of damages in connection with ransomware and millions more from other cybercrimes.”
According to Binance, the six individuals were not part of the core of the Clop ransomware gang, instead, they were only marginally involved in the financial activities of the group, for this reason, the operations are still active.
A few days after the operations conducted by the authorities, the ransomware gang made the headlines again by releasing the data stolen from new victims.
“We applied the two-pronged approach to the FANCYCAT investigation: our AML detection and analytics program detected suspicious activity on Binance.com and expanded the suspect cluster. Once we mapped out the complete suspect network, we worked with private sector chain analytics companies TRM Labs and Crystal (BitFury) to analyze on-chain activity and gain a better understanding of this group and its attribution.” concludes the report. “Based on our analysis we found that this specific group was not only associated with laundering Cl0p attack funds, but also with Petya and other illegally-sourced funds. This led to the identification and eventual arrest of FANCYCAT.”
Early this year Binance released a study on our first Bulletproof Exchanger Project that focused on anti-ransomware initiative. The project also involved the Ukraine Cyber Police and lead to the arrest of a major cybercriminal group laundering over $42M of illicit funds.
Follow me on Twitter: @securityaffairs and Facebook
(SecurityAffairs – hacking, ransomware)
Share On
Pierluigi Paganini
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at “Cyber Defense Magazine”, Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog “Security Affairs” recently named a Top National Security Resource for US. Pierluigi is a member of the “The Hacker News” team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books “The Deep Dark Web” and “Digital Virtual Currency and Bitcoin”.
The Clop ransomware members that were recently arrested laundered over $500M in ransomware payments for several malicious actors.
The members of the Clop ransomware gang that were recently arrested in Ukraine laundered over $500M for several cybercrime groups.
Data related to the money laundering activities were provided by the cryptocurrency exchange portal Binance, who tracked the group as FancyCat, the funds resulted from the operations of Clop and Petya ransomware.
The funds were laundered investing in multiple forms of cybercrimes.
Binance investigated the transactions associated with the threat actors with the help of blockchain analysis firms TRM Labs and Crystal (BitFury).
The experts shared their findings with the law enforcement that arrested six members of the Clop/FancyCat group.
“More recently Binance Security has been taking part in an international investigation with Ukraine Cyber Police, Cyber Bureau of Korean National Police Agency, US Law Enforcement, Spanish Civil Guard, and Swiss Federal Office of Police, among others, in apprehending a prolific cybercriminal ring. The group — also known as FANCYCAT — has been running multiple criminal activities: distributing cyber attacks; operating a high-risk exchanger; and laundering money from dark web operations and high-profile cyber attacks such as Cl0p and Petya ransomware.” reads the post published by Binance. “In all, FANCYCAT is responsible for over $500M worth of damages in connection with ransomware and millions more from other cybercrimes.”
According to Binance, the six individuals were not part of the core of the Clop ransomware gang, instead, they were only marginally involved in the financial activities of the group, for this reason, the operations are still active.
A few days after the operations conducted by the authorities, the ransomware gang made the headlines again by releasing the data stolen from new victims.
“We applied the two-pronged approach to the FANCYCAT investigation: our AML detection and analytics program detected suspicious activity on Binance.com and expanded the suspect cluster. Once we mapped out the complete suspect network, we worked with private sector chain analytics companies TRM Labs and Crystal (BitFury) to analyze on-chain activity and gain a better understanding of this group and its attribution.” concludes the report. “Based on our analysis we found that this specific group was not only associated with laundering Cl0p attack funds, but also with Petya and other illegally-sourced funds. This led to the identification and eventual arrest of FANCYCAT.”
Early this year Binance released a study on our first Bulletproof Exchanger Project that focused on anti-ransomware initiative. The project also involved the Ukraine Cyber Police and lead to the arrest of a major cybercriminal group laundering over $42M of illicit funds.
Follow me on Twitter: @securityaffairs and Facebook
(SecurityAffairs – hacking, ransomware)