In a heavy blow to the cybercriminal underground, the FBI and international law enforcement partners have announced the takedown of “Operation Endgame,” an operation to disrupt and take down the infrastructure they were used for a variety of well known ransomware variants. This joint effort represents a significant step forward in combating advanced cyber threats.
On May 19th-22nd 2025, the United States, Canada, Denmark, France, Germany, the Netherlands, with vital support from Europol and Eurojust, carried out a series of coordinated operations.
That work led to the takedown of some 300 servers and the neutralization of 650 domains, which had the effect of hobbling the “initial access malware” that cybercriminals employ to break into systems and then deploy ransomware.
Some of the malware families that have been hit hard are Bogelkryg, Bumblebee, Bothy, Lactrodectus, Qakbot, Combojack, Jays, Hijackloader, Materiy, Pleet Venus, DanaBot, GoBotKR, Trickbot, and Warmcookie.
These malware variants are often peddled as “malware-as-a-service” to other criminal operators, allowing them to engage in a variety of malicious activities, from stealing sensitive personal information to launching debilitating ransomware attacks.
The 20 masterminds of these original entry services were identified and international arrest warrants were made available to the authorities as part of Operation Endgame. Among them, the U.S. Justice Department indicted 48-year-old Russian national Rustam Rafailevich Gallyamov for his role in the Qakbot malware scheme.
Gallyamov is still on the run, but in actions unrelated to extradition, we have already managed to arrest his cryptocurrency for over $24 million, and we will return them to injured persons,” Sokolov said. Another major indictment involved 16 members of DanaBot malware group who infected over 300,000 victims and caused over $50 million in damages.
Operation Endgame’s latest phase will follow the trail of other successful operations that led to widespread takedown of botnets, the most significant of which being that of May 204 8. That collective effort has led to the seizure of more than €21.2 million (around $23 million USD) worth of cryptocurrency from cybercrime organizations.
Europol’s Executive Director Catherine De Bolle underscored the strategic nature of the operation: “This new phase shows law enforcement’s adaptability and their determination to keep striking back against cybercrime, even as criminals change their game. We are disrupting.
We are taking down the services that count on to continue their criminal activity and putting an end to the ‘stickiness’ (the likelihood of a target paying a ransom now and again) of the adversaries’ business model.”
Though challenges remain, not least in relation to the extradition of suspects from some jurisdictions, Operation Endgame will sound a warning to cybercriminals that international collaboration is improving and that global law enforcement will use all the tools at its disposal to track down and disrupt their illegal networks.
