BOULDER, Colo. (CBS4) – Criminals tied to what is believed to be the largest cyberattack on the University of Colorado appear to have been arrested in Ukraine. CU announced the leak in February and later said that it did not pay ransom demands.
The Ukrainian government has released video of the arrest. The arrests are of suspects associated with the CL0P ransomware gang, believed to have targeted CU.
Ukrainian authorities believe the group may have caused a half-billion dollars in financial damages around the world. They claim to have shut down the infrastructure after searches of 21 homes and vehicles.
It is not clear if those arrested are core members of the ransomware operation. The U.S. and South Korea helped in the international operation.
The attack targeted a vulnerability in the File Transfer Appliance from Accellion, a third-party vendor. CU Boulder was notified of the data breach on Jan. 25. The university’s Office of Information Security determined files uploaded by 447 CU users were at risk of unauthorized access.
In March, CBS4 reported the ransomware group CL0P began gradually leaking data from more than two dozen Accellion hacks on the dark web, including data from CU. Officials said some staff who use the file transfer service received emails that their personal data had been stolen and would be published if the university didn’t pay the $17 million ransom.
The demand was later lowered to $5 million and the university does not intend to pay. The FBI says payment does not guarantee files will be recovered and it could encourage criminals to carry out future attacks.
CU announced it will provide credit and identity monitoring along with fraud consultation and identity theft restoration to those affected by the data breach. The bulk of the data came from CU Boulder but some other files were accessed from CU Denver. CU’s Colorado Springs and Anschutz Medical Campus were not affected.