Authorities in Europe have made a major breakthrough in the fight against cybercrime with the arrest of four individuals and the takedown of over 100 servers in a massive anti-malware operation. The operation, dubbed Operation Endgame, was a joint effort led by France, Germany, and the Netherlands, with the aim of dismantling botnets that deploy ransomware.
The attacks targeted mainly companies and national institutions, costing victims hundreds of millions of euros and infecting the systems of millions of individuals. The sweep, which took place from May 27-29, resulted in one arrest in Armenia and three in Ukraine, with searches conducted in several countries including the Netherlands and Portugal.
Europol, the agency based in The Hague, revealed that the servers involved in the operation were located in multiple countries including Bulgaria, Canada, Germany, and the United States. In addition to the four arrests, eight fugitive suspects linked to the case will be added to Europe’s Most Wanted list.
One of the suspects was reported to have earned at least 69 million euros in cryptocurrency by renting out criminal infrastructure sites to disseminate ransomware. The operation targeted malware droppers such as IcedID, SystemBC, Pikabot, Smokeloader, Bumblebee, and Trickbot, with Trickbot being used to launch ransomware attacks on U.S. hospitals during the Covid pandemic.
Authorities believe that the operation had a significant impact on the dropper ecosystem, disrupting the ability of criminals to deploy viruses, ransomware, or spyware. The investigation is ongoing, with more arrests expected as authorities continue to dismantle the cybercriminal infrastructure.