Today’s Russian-Speaking Hackers: The History You’ve Never Heard

Clop, a hacking group proficient in ransomware and fluent in Russian, has its own website. Surprisingly, these criminals openly encourage their victims to negotiate a ransom for the return of their data as if it were a legitimate business transaction. Using a combination of professional language and bone-chilling threats, they urge users to initiate a dialogue within a three-day timeframe to discuss the price. As a sign of credibility, they even offer to provide encrypted specimen files as proof that they are not lying. Failure to comply with their demands results in the publication of all stolen data.

Similar to other ransomware groups, Clop’s webpage can only be accessed on the dark web through Tor (The Onion Router). Although this may sound complex, even a seven-year-old can access it within minutes. The homepage includes a resentful rant directed at the BBC for allegedly misrepresenting Clop’s activities. It concludes with a demand to the mainstream media: “Stop spreading propaganda by crafting interesting stories. The only story here is that we want money for our work. If we have your business files, you must pay. Engage in a reasonable conversation, and we can come to an agreement.”

According to Mikko Hypponen, the chief research officer at WithSecure in Helsinki and a renowned tracker of Russian cybercriminals, Clop is a Russian-speaking crime group based in Russia and Ukraine. Hypponen observes that since Russia’s invasion of Ukraine, the number of ransomware attacks originating from Ukraine has decreased, while those originating from Russia have increased.

Clop has been quite active in recent months. In June, the group announced that it had discovered a vulnerability in a software product called MOVEit, which consequently allowed them access to Zellis, a digital payroll provider. Although the BBC itself reported that Boots, British Airways, and the BBC were among the hundreds of companies impacted by this extensive ransomware attack, Clop denied extracting data from them. This dispute led to acrimonious exchanges with the broadcaster. While Zellis admitted that “a small number of our customers have been impacted by this global issue,” they refused to disclose their identities. In the meantime, Clop has started receiving payment or publishing material from other victims of the MOVEit hack. Despite governments often advising against it, many victims end up paying due to the significant potential damage to their reputation and resources.

Clop’s increased activity, along with that of other ransomware groups, can be attributed, in part, to the ongoing conflict in Ukraine. Although the connection may be ambiguous, it is impossible to comprehend Russian cybercrime without acknowledging its relationship with Russian national security interests. The Clop homepage offers a clue through a fascinating note halfway down: “PS. If you are a government, city, or police service, do not worry, we have erased all your data. You do not need to contact us. We have no interest in exposing such information.”

One might hope that there is a dose of honor among cyber thieves, and that Clop refrains from exposing governments or law enforcement due to a sense of public service. However, the true reason is more intricate. The origins of this story trace back to 2002, the Ukrainian port of Odesa, and one of the most extraordinary publicly organized conferences in post-cold war history.

The Hotel Odesa, usually known for its view of the city, wasn’t at the center of attention during May 2002. Instead, it hosted an obscure but remarkable event: the first and, to the best of my knowledge, the last conference openly organized for criminals. From various corners of the globe, 400 guests gathered to exchange ideas and share information about the latest developments in the world of cybercrime. Plenary sessions took place in the hotel, while smaller groups discussed topics such as “Why focus on Mastercard and Visa? Developing the niche markets of Diners, American Express” in local bars.

This groundbreaking event, known as the First Worldwide Carders Conference, was initiated by the administrators of carderplanet.com. These administrators, called “the family,” were a mixture of young Ukrainians and Russians who had grown up amidst the turbulent landscape of gangster capitalism. During the chaos following the collapse of the Soviet Union, new forms of economic activity emerged as conventional law and order faltered. The young criminals who attended the Odesa conference weren’t your typical gun-wielding gangsters. They possessed a unique skill set: advanced computer abilities. As Western businesses began exploring e-commerce, these criminals honed their skills. In this new world, security was not a top priority.

CarderPlanet, founded a year prior to the conference, revolutionized web-based criminal activity, particularly the lucrative trade in stolen or cloned credit card data. It solved the problem that plagued every cybercriminal: how can I trust this person I’m doing business with since they are also a criminal? To resolve this issue, the CarderPlanet administrators developed an escrow system for criminals. Acting as neutral guarantors, they mediated between vendors and purchasers in criminal credit and debit card transactions. This concept mirrored the emergence of the Sicilian mafia in the 1860s, when they started as independent mediators in unregulated markets.

In the 21st century, the vendor would send, for example, 5,000 stolen credit card details digitally to the escrow officer in Odesa. Simultaneously, the purchaser would send a stack of e-gold, a precursor to bitcoin, as payment. The escrow officer would randomly test a few cards at ATMs worldwide with the help of their “carder” friends. If the cards proved to be functional, CarderPlanet would keep the ATM money as their escrow fee before releasing the digital cash to the vendor and the card details to the purchaser. This escrow system sparked a global surge in credit card fraud, leading many criminals to amass substantial fortunes.

Denial of responsibility! VigourTimes is an automatic aggregator of Global media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, and all materials to their authors. For any complaint, please reach us at – [email protected]. We will take necessary action within 24 hours.