A large-scale police campaign across Europe takes down ransomware networks and arrests 4 suspects

Police have arrested four high-value suspects, taken down more than 100 servers and taken control of more than 2,000 internet domains, the European Union’s judicial cooperation agency, Eurojust, said on Thursday.

It is the latest international operation aimed at disrupting malware and ransomware operations. Eurojust said this followed a large-scale takedown in 2021 of a botnet called Emotet. A botnet is a network of hijacked computers that is typically used to carry out malicious activities.

Europol pledged that this would not be the last takedown.

“Operation Endgame does not end today. New measures will be announced on the Operation Endgame website,” Europol said in a statement.

The Dutch police said that the financial damage caused by the network to governments, companies and individual users is estimated at hundreds of millions of euros (dollars).

“Millions of people are also victims because their systems have been infected, making them part of these botnets,” the Dutch statement said.

Eurojust said one of the main suspects obtained cryptocurrency worth at least 69 million euros ($74 million) by leasing criminal infrastructure to spread ransomware.

Europol added: “The suspect’s transactions are constantly monitored and legal permission has already been obtained to seize these assets when taking future action.”

The operation targeted malware called IcedID, Pikabot, Smokeloader, Bumblebee, and Trickbot. A dropper is malware that typically spreads in emails containing infected links or attachments such as shipping invoices or order forms.

“This approach had a global impact on the dropper ecosystem. The malware, whose infrastructure was removed during the days of the event, facilitated attacks using ransomware and other malware,” Europol said.

Ben Jones, CEO of Searchlight Cyber, a company that provides intelligence on the dark web, praised the operation as an example of how international cooperation can crack down on cybercrime.

“While cybercriminals previously used their ability to operate across borders to evade the arm of justice, operations like Endgame — coordinated across multiple jurisdictions — prove that this evasion tactic is untenable,” Jones said in emailed comments to The Associated Press. “Increasingly.” “The Internet is expanding, and access to ‘safe zones’ for cybercriminal activity is becoming more difficult.”

Dutch police said these measures should alert cybercriminals to the possibility of arrest.

“This operation shows that you always leave traces, and no one can be found, even on the Internet,” Stan Doive, of the Dutch National Police, said in a video statement.

Deputy Chief of Germany’s Federal Criminal Police Office, Martina Lenk, described the operation as “the largest international cyberpolice operation to date.”

“Thanks to extensive international cooperation, it was possible to render six of the largest malware families harmless,” she said in a statement.

German authorities are seeking to arrest seven people on suspicion of being members of a criminal organization aiming to spread the Trickbot malware. An eighth person is suspected to be one of the leaders of the group behind Smokeloader.

Europol said it would add the eight suspects sought by Germany to its most wanted list.

___

Associated Press writer Geir Molson in Berlin contributed to this report.
