17 June 2021

Clop ransomware gang members arrested in Ukraine



An international operation conducted by Ukrainian police in conjunction with law enforcement officers from the United States and the Republic of Korea led to the arrest of six members of the Clop ransomware gang.

The suspects have been accused of running a double extortion scheme, threatening to leak victims’ sensitive information if the ransom demand is not paid.

According to the National Police of Ukraine, victims included Stanford University’s Medical School, the University of Maryland, the University of California and a number of unnamed Korean organizations.

The attacks involved the use of the Clop ransomware, as well as other hacking tools such as Cobalt Strike and the FlawedAmmyy RAT, and caused estimated damages of up to $500 million, the Ukrainian police said in a statement.

The police carried out 21 raids in the Ukrainian capital of Kyiv, including at the homes of the defendants, resulting in the seizure of computer equipment, luxury cars, and 5 million hryvnias ($184,679) in cash. Law enforcement also shut down the infrastructure used to spread the malware and blocked channels for legalizing criminally acquired cryptocurrencies.

At present, it is not clear if the arrested individuals are affiliates or core members of the Clop ransomware operation. If convicted, each defendant faces up to eight years in prison for violating computer crime and money-laundering laws.
