4 Arrested as Operation Endgame Disrupts Ransomware Botnets


Europol led Operation Endgame, the largest operation against botnets to date, focused on dismantling the infrastructure of malicious dropper networks that enabled ransomware attacks.

In a major crackdown on cybercrime, Europol announced on Monday the successful completion of Operation Endgame, a massive international effort to disrupt and dismantle dropper networks, including IcedID, SystemBC, Smokeloader, Trickbot, Pikabot, and Bumblebee.

The three-day operation, coordinated from Europol’s headquarters, resulted in the arrest of four suspects, the execution of over 16 searches, and the takedown of over 100 servers and 2,000 domains linked to these criminal activities.

For context, droppers are malicious software tools designed to bypass security measures and deploy additional harmful programs, such as viruses, ransomware, or spyware, onto a target system. They are typically used in the first stage of a malware attack and play a major role in the deployment of ransomware.

Operation Endgame, the largest-ever operation against botnets, targeted the infrastructure of these dropper networks, which facilitated attacks with ransomware and other malicious software.

The operation was led by France, Germany, and the Netherlands and supported by Eurojust, Denmark, the United Kingdom, and the United States. Other countries, including Armenia, Bulgaria, Lithuania, Portugal, Romania, Switzerland, and Ukraine, also supported the operation with various actions, such as arrests, searches, and seizures of servers and domains.

The operation was also supported by several private partners at national and international level, including Bitdefender, Cryptolaemus, Sekoia, Shadowserver, Team Cymru, Prodaft, Proofpoint, NFIR, Computest, Northwave, Fox-IT, HaveIBeenPwned, Spamhaus, DIVD, abuse.ch, and Zscaler.

The operation resulted in the arrest of one suspect in Armenia and three in Ukraine, as well as the execution of 16 searches in Armenia, the Netherlands, Portugal, and Ukraine. Over 100 servers were taken down or disrupted in Bulgaria, Canada, Germany, Lithuania, the Netherlands, Romania, Switzerland, the United Kingdom, the United States, and Ukraine. Additionally, over 2,000 domains under the control of law enforcement were seized.

Further investigations, as per Europol’s press release, revealed that one of the main suspects earned over €69 million ($74 million – £58 million) in cryptocurrency by renting out criminal infrastructure sites to deploy ransomware. The suspect’s transactions are being monitored, and legal permission to seize these assets has been obtained.

The operation is a major blow to the dropper industry and a step in the fight against ransomware and other forms of cybercrime. However, Europol warned that Operation Endgame does not end here and that new actions will be announced on the official website of Operation Endgame.

The success of this operation shows that cybercriminals may have become sophisticated, but law enforcement agencies remain a step ahead. It also highlights the need for continuous funding and innovation in cybersecurity measures, and the importance of international cooperation in addressing online criminal activity.
