Watch CBS News

Ukraine Authorities Arrest CL0P Ransomware Gang Linked To University Of Colorado Cyberattack

BOULDER, Colo. (CBS4) - Criminals tied to what is believed to be the largest cyberattack on the University of Colorado appear to have been arrested in the Ukraine. CU announced the leak in February and later said that it did not pay ransom demands.

ukraine university colorado cyberattack
(credit: CBS)

The Ukraine government has released video of the arrest. The arrests are of suspects associated with the CL0P ransomware gang, believed to have targeted CU.

Ukraine authorities believe the group may have caused a half-billion dollars in financial damages around the world. They claim to have shut down the infrastructure after searches of 21 homes and vehicles.

ukraine university colorado cyberattack
(credit: CBS)

It is not clear if those arrested are core members of the ransomware operation. The U.S. and South Korea helped in the international operation.

The attack targeted a vulnerability in the File Transfer Appliance from Accellion, a third-party vendor. CU Boulder was notified of the data breach on Jan. 25. The university's Office of Information Security determined files uploaded by 447 CU users were at risk of unauthorized access.

In March, CBS4 reported the ransomware group CL0P began gradually leaking data from more than two dozen Accellion hacks on the dark web, including data from CU. Officials said some staff who use the file transfer service received emails that their personal data had been stolen and would be published if the university didn't pay the $17 million ransom.

ukraine university colorado cyberattack
(credit: CBS)

The demand was later lowered to $5 million and the university does not intend to pay. The FBI says payment does not guarantee files will be recovered and it could encourage criminals to carry out future attacks.

CU announced it will provide credit and identity monitoring along with fraud consultation and identity theft restoration to those affected by the data breach. The bulk of the data came from CU Boulder but some other files were accessed from CU Denver. CU's Colorado Springs and Anschutz Medical Campus were not affected.

View CBS News In
CBS News App Open
Chrome Safari Continue
Be the first to know
Get browser notifications for breaking news, live events, and exclusive reporting.