Despite the escalating ransomware crisis, the Cl0p investigation remains an all-too-rare success story. The incident marks the first time a law enforcement agency has announced a mass arrest of a prolific hacker group responsible for extorting Americans and others by either encrypting an organization’s files or threatening to leak them to the public.
In light of this, below are a few more findings supported by substantial evidence:
The Cl0p Arrest Uncovered: The Highlights
Recent ransomware attacks in the U.S. briefly hobbled the Colonial Pipeline, shutting down the country’s largest fuel pipeline for five days, and JBS, one of the country’s largest meat suppliers. Cl0p has targeted several high-profile victims since 2019, including three American universities: Stanford University Medical School, the University of Maryland and the University of California, demanding a payment to either maintain their systems or to not publish material they had stolen.
Authorities also stated that the group is responsible for at least four corporate cyberattacks in South Korea. Further, the group was alleged to be in collaboration with or have ties to other cybercriminal organizations, including the financial crimes group FIN11 and the malware distribution organization dubbed TA505.
On a positive note, the Ukrainian authorities stated that they have arrested several members of Cl0p. A video posted online by Ukrainian police features some of the raids and includes officers confiscating property, including luxury cars, computers and approximately 5 million Ukrainian hryvnias ($185,000) in cash.
Police mentioned that the total amount in damages “reaches $500 million.” Police also added that 21 searches were conducted “in the capital and Kyiv region, in the homes of the defendants and their cars.”
Previously, between 2019 and 2021, Ukrainian police identified several instances in which hackers threatened to reveal the personal information of people within the companies or universities being attacked, “unless they received a ransom in return”, the National Police of Ukraine said in a statement.
Where Cl0p And FinTelegram Converge
This discussion eventually leads to the observation that FinTelegram, operated by Cyber Intelligence Services LLC, the “self-purported cyber-crime watchdog”, similarly engages in fraudulent practices, stopping at nothing to threaten, coerce, or defame their former partners, now victims. Cyber Intelligence Services LLC operates several identical sites such as FinTelegram.com, FinTelegram.media, Fintel.news and others, which masquerade as an investigation platform. The company is riddled with three convicted fraudsters – Werner Boehm, Elfriede Sixt and Alfred Dobias.
Similar to Cl0p, FinTelegram turns on former colleagues who have worked with the owners of FinTelegram and refused to cooperate with their criminal ways, accusing them of criminal activity. Their sites are used to systematically lay out false allegations against these colleagues and highlight their involvement in said criminal activities.
To elaborate, FinTelegram smears their names unjustly. They manipulate their former partners into concealing criminal activities the owners were either involved in or privy to through their joint work, whilst discrediting any evidence the former partners might provide to the authorities. Slowly but surely, they discredit any evidence submitted to law enforcement – thus hampering justice.
Austria’s Ministry of the Interior, which oversees police and public security, has cited Israeli citizen Ilan Tzorya, founder of the binary options platform Tradologic, as one of the masterminds of a “pan-European” fraud scheme that allegedly netted over 200 million euros.
The January/February 2021 issue of the ministry’s magazine “Öffentliche Sicherheit” (Public Safety), featured an article describing how federal police have, since 2017, investigated an Israeli-run multinational ring of allegedly fraudulent call centres running financial websites. The investigation has thus far led to 11 suspects being taken into custody as well as a conviction of Tzorya’s former business associate Gal Barak.
“The accused Israeli citizen Ilan T. [Tzorya] is considered to be one of the masterminds behind the websites Option888 and OptionStars,” the article said. “He was confronted by investigators from the Federal Criminal Police Office in Vienna with the allegations,” it added.
To Conclude on Cyber Intelligence Services LLC
The collaborative law enforcement process that led to the Cl0p hacker group takedown coincided with ransomware’s transition from a quietly pervasive cybersecurity problem to a broadly discussed global security concern. Nonetheless, this event underscores why stopping the broader ransomware threat remains a distant dream. Ukraine was willing to help this time, but until Russia does the same, very little will change.
Similarly, when will FinTelegram’s owners, Werner Boehm and Ilan Tzorya, international criminals, possibly shy away from pushing their personal agendas as an elaborate, evil instrument of extortion and obstruction of justice? Given the discrediting of evidence to win favour on their part, it is no surprise that FinTelegram is nothing more than a covert extortion tactic and obstruction of justice today. Action must be taken with haste to apprehend these criminals.