The Hague, Netherlands — A coordinated international operation this week disrupted some of the world’s “most dangerous malware” and led to the issuance of 20 arrest warrants, EU anti-crime bodies Europol and Eurojust said Friday.
Authorities took down more than 300 servers worldwide, neutralized 650 domains and seized 3.5 million euros ($3.9 million) in cryptocurrency, they said.
The coordinated crackdown has dealt “a direct blow to the ransomware kill chain”, breaking it “at its source”, said Europol, the European Union’s criminal police agency.
The software taken down, known as “initial access malware”, is used “for initial infection, helping cybercriminals to enter victims’ systems unnoticed and load more malware onto their devices, such as ransomware”, the Hague-based agencies said.
The crackdown — involving authorities from Britain, Canada, Denmark, France, Germany, the Netherlands and the United States — is a continuation of Operation Endgame, the largest-ever police operation against botnets.
Between Monday and Thursday, the operation enabled the countries involved “to take action against the world’s most dangerous malware variants and the perpetrators behind them”, said Eurojust, the EU Agency for Criminal Justice Cooperation.
“Thirty-seven suspects were identified and international arrest warrants were obtained against 20 individuals criminally charged.”
‘Cybercrime as a service’ –
In total, “3.5 million euros in cryptocurrency” were seized, the agencies added, bringing the total amount of cryptocurrency seized during Endgame to 21.2 million euros.
During the first phase of Endgame, in May 2024, four people were arrested and 100 servers were neutralized, they said.
“This year during Endgame 2.0, the measures targeted the successor groups of malware taken down by the authorities and other relevant variants — Bumblebee, Lactrodectus, Qakbot, DanaBot, HijackLoader, Trickbot and WarmCookie.
“As these variants are at the beginning of the cyberattack chain, disrupting them damages the entire ‘cybercrime as a service’ ecosystem,” they said.
Such malware enables users to spy on data or encrypt a system in order to extort a ransom.
About 50 of the servers neutralized this week were in Germany, the German authorities said.
“In Germany, investigations focused particularly on suspicions of organized extorsion and membership of a foreign criminal organization,” according to the federal police and the Frankfurt public prosecutor’s office in charge of combatting cybercrime.
German authorities also obtained international arrest warrants for the 20 people, “most of them Russian nationals”, and launched search operations, they added.
