{"id":43945,"date":"2021-11-16T00:00:00","date_gmt":"2021-11-16T00:00:00","guid":{"rendered":"urn:uuid:eac41070-f95a-b17f-0e36-045cd9641fb8"},"modified":"2021-11-16T00:00:00","modified_gmt":"2021-11-16T00:00:00","slug":"global-operations-lead-to-arrests-of-alleged-members-of-gandcrab-revil-and-cl0p-cartels","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/global-operations-lead-to-arrests-of-alleged-members-of-gandcrab-revil-and-cl0p-cartels\/","title":{"rendered":"Global Operations Lead to Arrests of Alleged Members of GandCrab\/REvil and Cl0p Cartels"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/k\/global-operations-lead-to-arrests-of-alleged-members-of-gandcrab-revil-and-cl0p-cartels\/gandcrab-revil-clop-main.jpg\"><\/p>\n<div><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/k\/global-operations-lead-to-arrests-of-alleged-members-of-gandcrab-revil-and-cl0p-cartels\/gandcrab-revil-clop-main.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p>A total of 13 suspects believed to be members of two prolific cybercrime rings were arrested as a global coalition across five continents involving law enforcement and private partners, including Trend Micro, sought to crack down on big <a href=\"https:\/\/www.trendmicro.com\/vinfo\/tmr\/?\/us\/security\/definition\/ransomware\">ransomware<\/a> operators.<\/p>\n<p><span class=\"body-subhead-title\">About the GandCrab\/REvil arrests<\/span><\/p>\n<p>According to a report by <a href=\"https:\/\/www.interpol.int\/News-and-Events\/News\/2021\/Joint-global-ransomware-operation-sees-arrests-and-criminal-network-dismantled\" target=\"_blank\" rel=\"noopener\">Interpol<\/a>, the global operation, which was done by 19 law enforcement agencies in 17 countries, led to the apprehension of seven suspects linked as \u201caffiliates\u201d or partners of GandCrab\/REvil. The group is a prominent ransomware network deemed responsible for more than 7,000 attacks since early 2019.<\/p>\n<p>Code-named Quicksand (GoldDust), the operation was a collaboration between Interpol, Europol, law enforcement agencies, and private firms. Each contributed to the four-year-long investigations by sharing information and technical expertise.<\/p>\n<p><a href=\"https:\/\/www.trendmicro.com\/vinfo\/tmr\/?\/us\/security\/news\/cybercrime-and-digital-threats\/ransomware-double-extortion-and-beyond-revil-clop-and-conti\">REvil<\/a> (aka Sodinokibi) and GandCrab, believed to be manned by the same individuals, peddle <a href=\"https:\/\/www.trendmicro.com\/vinfo\/tmr\/?\/us\/security\/definition\/ransomware-as-a-service-raas\">ransomware-as-a-service<\/a> (Raas), renting out ransomware code to other cybercriminals. Set up with groups known as affiliates, the scheme includes intrusions into companies, deployment of ransomware, and demand for ransom, after which profits are shared with the rest of the coders.<\/p>\n<p>A <a href=\"https:\/\/www.europol.europa.eu\/newsroom\/news\/five-affiliates-to-sodinokibi\/revil-unplugged\" target=\"_blank\" rel=\"noopener\">report by Europol<\/a> estimates that over \u20ac200 million in ransom demands had been made collectively since 2019 by the seven suspects from all the attacks that were carried out.<\/p>\n<p>The formidable global coalition enabled the following:<\/p>\n<ul>\n<li><span class=\"rte-red-bullet\">Korean law enforcement\u2019s arrest of three suspects in February, April, and October<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Kuwaiti authorities\u2019 arrest of a man who allegedly carried out ransomware attacks using the GandCrab ransomware<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Romanian authorities\u2019 arrest of two individuals suspected of ransomware cyberattacks and linked to more than 5,000 infections and half a million euros in ransom payments<\/span><\/li>\n<li><span class=\"rte-red-bullet\">The arrest of a man suspected of deploying the Kaseya ransomware attack, thought to have been done in July 2021 by the REvil group with more than 1,500 people and 1,000 businesses affected worldwide<\/span><\/li>\n<\/ul>\n<p><span class=\"body-subhead-title\">Trend Micro\u2019s monitoring of GandCrab\/REvil<\/span><\/p>\n<p>Trend Micro has kept a close eye on this malware family since as early as 2018, when we reported the <a href=\"https:\/\/www.trendmicro.com\/vinfo\/tmr\/?\/us\/security\/news\/cybercrime-and-digital-threats\/-egg-files-in-spam-delivers-gandcrab-v4-3-ransomware-to-south-korean-users\">discovery of GandCrab v4.3<\/a>, which targeted South Korean users through spam emails. The spam emails used EGG (.egg) files to deliver the GandCrab v4.3 ransomware (detected by Trend Micro as Ransom_GANDCRAB.TIAOBHO). EGG is a compressed archive file format (similar to ZIP) that is commonly used in South Korea. Evidence indicated that the attack was aimed toward South Korean users for its use of Hangul in the subject, body, and attachment file name of the spam emails.<\/p>\n<p>In 2019, Trend Micro announced <a href=\"https:\/\/www.trendmicro.com\/vinfo\/tmr\/?\/us\/threat-encyclopedia\/spam\/3676\/gandcrab-ransomware-gets-distributed-via-fake-shipping-notification-written-in-korean\">another noteworthy GandCrab ransomware attack<\/a>, also in South Korea. Spam emails made the rounds with the subject \u201cSHIPPED ORDER INCORRECT.\u201d The messages posed as shipping order notifications from a known courier delivery service company and were designed to dupe the recipients into opening the email attachment. As with the first attack, the email body was written in Korean and contained a RAR attachment that supposedly contained information on the parcel.<\/p>\n<p><span class=\"body-subhead-title\">About the Cl0p arrest<\/span><b><\/b><\/p>\n<p>Another milestone for the global public-private alliance aimed at dismantling cybercrime rings is the arrest of six suspected members of the ransomware group Cl0p, following a 30-month joint investigation into attacks against South Korean companies and US academic institutions.<\/p>\n<p>The task force, acted on the request by South Korea\u2019s cybercrime investigation division, enabled the arrest of alleged gang members in Ukraine. The operation involved Interpol, Europol, and law enforcement authorities in South Korea, Ukraine, and the US in June.<\/p>\n<p>Codenamed Operation Cyclone, it had global police pursuing the Cl0p malware operators in Ukraine for allegedly targeting private businesses in South Korea and the US. <a href=\"https:\/\/www.interpol.int\/News-and-Events\/News\/2021\/INTERPOL-led-operation-takes-down-prolific-cybercrime-ring\" target=\"_blank\" rel=\"noopener\">Interpol<\/a> reports that Cl0p\u2019s attacks impeded access to their computer files and networks, and subsequently demanded huge ransoms for restoring access.<\/p>\n<p>The suspects allegedly facilitated the transfer and cash-out of assets on the ransomware group\u2019s behalf while threatening to release sensitive data to the public if demands for additional payments were declined. The six suspects are believed to be closely connected to a Russian-language cybercrime network known for naming and shaming its victims on a Tor leak site and, more notably, for amassing more than US$500 million in funds related to several ransomware attacks. Cl0p\u2019s activities target essential infrastructures and industries, such as transportation and logistics, education, manufacturing, energy, financial, aerospace, telecommunications, and healthcare.<\/p>\n<p>Operation Cyclone was deployed with assistance and information given by Trend Micro and other private cybersecurity firms. The synergy in intelligence gathering enabled the Ukrainian police to search more than 20 houses, businesses, and vehicles, and seize property, computers, and cash amounting to US$185,000.<\/p>\n<p><span class=\"body-subhead-title\">Trend Micro\u2019s monitoring of Cl0p<\/span><\/p>\n<p>Trend Micro Research has written extensively about <a href=\"https:\/\/www.trendmicro.com\/vinfo\/tmr\/?\/us\/security\/news\/cybercrime-and-digital-threats\/ransomware-recap-clop-deathransom-and-maze-ransomware\">Cl0p<\/a> and <a href=\"https:\/\/www.trendmicro.com\/vinfo\/tmr\/?\/us\/security\/news\/cybercrime-and-digital-threats\/ransomware-double-extortion-and-beyond-revil-clop-and-conti\">other ransomware actors<\/a> as it helps organizations to effectively deal with ransomware attacks.<\/p>\n<p>Cl0p (unstylized as Clop) first became known as a variant of the CryptoMix ransomware family. In 2020, the group behind Cl0p publicized the data of a <a href=\"https:\/\/techcrunch.com\/2020\/04\/27\/execupharm-clop-ransomware\/\" target=\"_blank\" rel=\"noopener\">pharmaceutical company<\/a> in its maiden attempt at the double extortion scheme. Since then, the group\u2019s extortion tactics have become increasingly sophisticated and thus more destructive.<\/p>\n<p>Operators hold their target organization under duress by sending out emails to initiate negotiations. If messages are ignored, they threaten to publicize and auction off stolen data on the data leak site \u201cCl0p^_-Leaks\u201d. In addition, Cl0p ransomware operators employ other extortion techniques, such as going after <a href=\"https:\/\/www.zdnet.com\/article\/some-ransomware-gangs-are-going-after-top-execs-to-pressure-companies-into-paying\/\" target=\"_blank\" rel=\"noopener\">top executives<\/a> and <a href=\"https:\/\/securityaffairs.co\/wordpress\/116029\/cyber-crime\/clop-ransomware-extortion.html\" target=\"_blank\" rel=\"noopener\">customers<\/a> to pressure companies to pay up.<\/p>\n<p><span class=\"body-subhead-title\">Defending networks and systems from ransomware<\/span><b><\/b><\/p>\n<p>Thwarting ransomware requires collaborative efforts from both law enforcement agencies and private companies like cybersecurity vendors.&nbsp;For its part, Trend Micro has been collaborating with law enforcement agencies to provide them with threat intelligence needed to aid in their investigations in order to combat ransomware and other cyberthreats.<\/p>\n<p>There is no doubt that ransomware will persist as a significant security threat, one that is expected to multiply and advance in complexity. As we\u2019ve seen, ransomware rapidly evolves into an even more destructive threat. To protect networks and systems from ransomware, organizations and users are advised to follow these best practices:<\/p>\n<ul>\n<li><span class=\"rte-red-bullet\">Avoid downloading attachments and clicking on links in emails from unverified sources.<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Regularly patch and update operating systems, programs, and software.<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Periodically back up files by observing the&nbsp;<a href=\"https:\/\/www.trendmicro.com\/vinfo\/tmr\/?\/us\/security\/news\/virtualization-and-cloud\/best-practices-backing-up-data\">3-2-1 rule<\/a>: Create at least three copies of the data, store it in two different formats, and keep at least one duplicate off-site.<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Follow&nbsp;security frameworks such as those set by the&nbsp;<a href=\"https:\/\/www.cisecurity.org\/controls\/\" target=\"_blank\" rel=\"noopener\">Center of Internet Security<\/a>&nbsp;and the&nbsp;<a href=\"https:\/\/www.nist.gov\/cyberframework\" target=\"_blank\" rel=\"noopener\">National Institute of Standards and Technology<\/a> to reduce overall risk levels and exposure to threats and vulnerabilities that ransomware operators may use.<\/span><\/li>\n<\/ul>\n<p>As threat actors are always waiting for the opportunity to pounce on the next victim, investing in cross-layered detection and response solutions can save organizations a lot of headache and expense. <a href=\"https:\/\/www.trendmicro.com\/en_us\/business\/products\/detection-response\/managed-xdr-mdr.html\">Trend Micro Vision One\u2122\ufe0f with Managed XDR<\/a> is a cybersecurity platform that provides visibility into the early activities of modern ransomware attacks to help detect and block ransomware components so that attacks are thwarted even before cybercriminals are able to exfiltrate sensitive data.<\/p>\n<p> Read More <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/21\/k\/global-operations-lead-to-arrests-of-alleged-members-of-gandcrab.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A total of 13 suspects believed to be members of two prolific cybercrime rings were arrested as a global coalition across five continents involving law enforcement and private partners, including Trend Micro, sought to crack down on big ransomware operators. Read More HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":43946,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[61],"tags":[9510,9511,9534,9539],"class_list":["post-43945","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-trendmicro","tag-trend-micro-research-articles-news-reports","tag-trend-micro-research-cyber-threats","tag-trend-micro-research-latest-news","tag-trend-micro-research-ransomware"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Global Operations Lead to Arrests of Alleged Members of GandCrab\/REvil and Cl0p Cartels 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/global-operations-lead-to-arrests-of-alleged-members-of-gandcrab-revil-and-cl0p-cartels\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Global Operations Lead to Arrests of Alleged Members of GandCrab\/REvil and Cl0p Cartels 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/global-operations-lead-to-arrests-of-alleged-members-of-gandcrab-revil-and-cl0p-cartels\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2021-11-16T00:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/k\/global-operations-lead-to-arrests-of-alleged-members-of-gandcrab-revil-and-cl0p-cartels\/gandcrab-revil-clop-main.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/global-operations-lead-to-arrests-of-alleged-members-of-gandcrab-revil-and-cl0p-cartels\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/global-operations-lead-to-arrests-of-alleged-members-of-gandcrab-revil-and-cl0p-cartels\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Global Operations Lead to Arrests of Alleged Members of GandCrab\\\/REvil and Cl0p Cartels\",\"datePublished\":\"2021-11-16T00:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/global-operations-lead-to-arrests-of-alleged-members-of-gandcrab-revil-and-cl0p-cartels\\\/\"},\"wordCount\":1182,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/global-operations-lead-to-arrests-of-alleged-members-of-gandcrab-revil-and-cl0p-cartels\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/11\\\/global-operations-lead-to-arrests-of-alleged-members-of-gandcrab-revil-and-cl0p-cartels.jpg\",\"keywords\":[\"Trend Micro Research : Articles, News, Reports\",\"Trend Micro Research : Cyber Threats\",\"Trend Micro Research : Latest News\",\"Trend Micro Research : Ransomware\"],\"articleSection\":[\"TrendMicro\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/global-operations-lead-to-arrests-of-alleged-members-of-gandcrab-revil-and-cl0p-cartels\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/global-operations-lead-to-arrests-of-alleged-members-of-gandcrab-revil-and-cl0p-cartels\\\/\",\"name\":\"Global Operations Lead to Arrests of Alleged Members of GandCrab\\\/REvil and Cl0p Cartels 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/global-operations-lead-to-arrests-of-alleged-members-of-gandcrab-revil-and-cl0p-cartels\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/global-operations-lead-to-arrests-of-alleged-members-of-gandcrab-revil-and-cl0p-cartels\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/11\\\/global-operations-lead-to-arrests-of-alleged-members-of-gandcrab-revil-and-cl0p-cartels.jpg\",\"datePublished\":\"2021-11-16T00:00:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/global-operations-lead-to-arrests-of-alleged-members-of-gandcrab-revil-and-cl0p-cartels\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/global-operations-lead-to-arrests-of-alleged-members-of-gandcrab-revil-and-cl0p-cartels\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/global-operations-lead-to-arrests-of-alleged-members-of-gandcrab-revil-and-cl0p-cartels\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/11\\\/global-operations-lead-to-arrests-of-alleged-members-of-gandcrab-revil-and-cl0p-cartels.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/11\\\/global-operations-lead-to-arrests-of-alleged-members-of-gandcrab-revil-and-cl0p-cartels.jpg\",\"width\":641,\"height\":350},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/global-operations-lead-to-arrests-of-alleged-members-of-gandcrab-revil-and-cl0p-cartels\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Trend Micro Research : Articles, News, Reports\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/trend-micro-research-articles-news-reports\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Global Operations Lead to Arrests of Alleged Members of GandCrab\\\/REvil and Cl0p Cartels\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Global Operations Lead to Arrests of Alleged Members of GandCrab\/REvil and Cl0p Cartels 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/global-operations-lead-to-arrests-of-alleged-members-of-gandcrab-revil-and-cl0p-cartels\/","og_locale":"en_US","og_type":"article","og_title":"Global Operations Lead to Arrests of Alleged Members of GandCrab\/REvil and Cl0p Cartels 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/global-operations-lead-to-arrests-of-alleged-members-of-gandcrab-revil-and-cl0p-cartels\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2021-11-16T00:00:00+00:00","og_image":[{"url":"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/k\/global-operations-lead-to-arrests-of-alleged-members-of-gandcrab-revil-and-cl0p-cartels\/gandcrab-revil-clop-main.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/global-operations-lead-to-arrests-of-alleged-members-of-gandcrab-revil-and-cl0p-cartels\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/global-operations-lead-to-arrests-of-alleged-members-of-gandcrab-revil-and-cl0p-cartels\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Global Operations Lead to Arrests of Alleged Members of GandCrab\/REvil and Cl0p Cartels","datePublished":"2021-11-16T00:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/global-operations-lead-to-arrests-of-alleged-members-of-gandcrab-revil-and-cl0p-cartels\/"},"wordCount":1182,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/global-operations-lead-to-arrests-of-alleged-members-of-gandcrab-revil-and-cl0p-cartels\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/11\/global-operations-lead-to-arrests-of-alleged-members-of-gandcrab-revil-and-cl0p-cartels.jpg","keywords":["Trend Micro Research : Articles, News, Reports","Trend Micro Research : Cyber Threats","Trend Micro Research : Latest News","Trend Micro Research : Ransomware"],"articleSection":["TrendMicro"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/global-operations-lead-to-arrests-of-alleged-members-of-gandcrab-revil-and-cl0p-cartels\/","url":"https:\/\/www.threatshub.org\/blog\/global-operations-lead-to-arrests-of-alleged-members-of-gandcrab-revil-and-cl0p-cartels\/","name":"Global Operations Lead to Arrests of Alleged Members of GandCrab\/REvil and Cl0p Cartels 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/global-operations-lead-to-arrests-of-alleged-members-of-gandcrab-revil-and-cl0p-cartels\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/global-operations-lead-to-arrests-of-alleged-members-of-gandcrab-revil-and-cl0p-cartels\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/11\/global-operations-lead-to-arrests-of-alleged-members-of-gandcrab-revil-and-cl0p-cartels.jpg","datePublished":"2021-11-16T00:00:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/global-operations-lead-to-arrests-of-alleged-members-of-gandcrab-revil-and-cl0p-cartels\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/global-operations-lead-to-arrests-of-alleged-members-of-gandcrab-revil-and-cl0p-cartels\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/global-operations-lead-to-arrests-of-alleged-members-of-gandcrab-revil-and-cl0p-cartels\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/11\/global-operations-lead-to-arrests-of-alleged-members-of-gandcrab-revil-and-cl0p-cartels.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/11\/global-operations-lead-to-arrests-of-alleged-members-of-gandcrab-revil-and-cl0p-cartels.jpg","width":641,"height":350},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/global-operations-lead-to-arrests-of-alleged-members-of-gandcrab-revil-and-cl0p-cartels\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Trend Micro Research : Articles, News, Reports","item":"https:\/\/www.threatshub.org\/blog\/tag\/trend-micro-research-articles-news-reports\/"},{"@type":"ListItem","position":3,"name":"Global Operations Lead to Arrests of Alleged Members of GandCrab\/REvil and Cl0p Cartels"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/43945","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=43945"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/43945\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/43946"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=43945"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=43945"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=43945"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}