• ITVI.USA
    15,379.620
    -113.610
    -0.7%
  • OTLT.USA
    2.786
    -0.021
    -0.7%
  • OTRI.USA
    21.500
    -0.060
    -0.3%
  • OTVI.USA
    15,349.750
    -127.770
    -0.8%
  • TSTOPVRPM.ATLPHL
    3.300
    -0.240
    -6.8%
  • TSTOPVRPM.CHIATL
    2.950
    -0.020
    -0.7%
  • TSTOPVRPM.DALLAX
    1.440
    0.000
    0%
  • TSTOPVRPM.LAXDAL
    3.310
    0.060
    1.8%
  • TSTOPVRPM.PHLCHI
    2.150
    0.020
    0.9%
  • TSTOPVRPM.LAXSEA
    3.950
    -0.100
    -2.5%
  • WAIT.USA
    126.000
    1.000
    0.8%
  • ITVI.USA
    15,379.620
    -113.610
    -0.7%
  • OTLT.USA
    2.786
    -0.021
    -0.7%
  • OTRI.USA
    21.500
    -0.060
    -0.3%
  • OTVI.USA
    15,349.750
    -127.770
    -0.8%
  • TSTOPVRPM.ATLPHL
    3.300
    -0.240
    -6.8%
  • TSTOPVRPM.CHIATL
    2.950
    -0.020
    -0.7%
  • TSTOPVRPM.DALLAX
    1.440
    0.000
    0%
  • TSTOPVRPM.LAXDAL
    3.310
    0.060
    1.8%
  • TSTOPVRPM.PHLCHI
    2.150
    0.020
    0.9%
  • TSTOPVRPM.LAXSEA
    3.950
    -0.100
    -2.5%
  • WAIT.USA
    126.000
    1.000
    0.8%
CybersecurityNewsOEMRailTop StoriesTrucking

Ransomware gang behind Utility, CSX attacks feels heat in Ukraine

Police arrest 6 alleged members of Clop, shut down infrastructure

Ukrainian police have dealt a serious blow to the ransomware gang behind the cyberattacks in the U.S. transportation and logistics sector  — including the trailer maker Utility and rail operator CSX — arresting six alleged members of Clop and seizing cash, computers and cars.

The National Police of Ukraine said Wednesday it made the arrests as part of an operation with U.S. and South Korean law enforcement and Interpol. Beyond nabbing the alleged cybercriminals, police said they shut down the infrastructure used to stage the attacks. 

Clop’s attacks have cost its victims about $500 million, police said. The hackers targeted companies across the world — and publicly acknowledged many of its attacks through a leak site. It extorted companies through their initial attacks and the threat of leaking stolen data. 

Footage of Ukrainian and South Korea police raiding the homes of alleged members of the Clop ransomware gang.

The ransomware gang attempted to extort California-based Utility Trailer Manufacturing in May by leaking 5 gigabytes of stolen data to the dark web. In March, Clop took a similar approach with CSX Corp. (NASDAQ:CSX), leaking data that included personal information about current and former employees.

Clop also targeted Canadian fuel distributor Parkland. In addition, it claimed that it attacked Canadian trucking firm Boutin Express and Minnesota truck dealership Allstate Peterbilt, though neither company responded to requests for comments about the apparent attacks. 

It’s unclear if the operation, which included 21 raids in Ukraine’s capital, Kyiv, succeeded in shutting down Clop. The group’s dark web leak site was still online as of Wednesday morning.

It comes as international law enforcement turns on the heat on the criminals behind ransomware attacks. Last week, the U.S. Department of Justice announced it had seized most of the ransom paid to members of DarkSide by Colonial Pipeline. 

Click for more FreightWaves articles by Nate Tabak

Nate Tabak, Border and North America Correspondent

Nate Tabak is a Toronto-based journalist and producer who covers cybersecurity and cross-border trucking and logistics for FreightWaves. He spent seven years reporting stories in the Balkans and Eastern Europe as a reporter, producer and editor based in Kosovo. He previously worked at newspapers in the San Francisco Bay Area, including the San Jose Mercury News. He graduated from UC Berkeley, where he studied the history of American policing. Contact Nate at ntabak@freightwaves.com.

Leave a Reply

Your email address will not be published. Required fields are marked *

We are glad you’re enjoying the content

Sign up for a free FreightWaves account today for unlimited access to all of our latest content

By signing in for the first time, I give consent for FreightWaves to send me event updates and news. I can unsubscribe from these emails at any time. For more information please see our Privacy Policy.