In a move that represents a major step up in the global battle against cybercrime, the forces of law and order in the U.K. and U.S., plus five other nations, have revealed a huge new global attack on the infrastructure of ransomware gangs.
Europol on Tuesday announced the swoop, codenamed “Operation Endgame”, which saw some 300 servers taken down and around 650 internet domains used by cybercriminals seized.
The operation, conducted from May 19 to 22, also resulted in the confiscation of €3.5m (£2.9m) worth of cryptocurrency. The new phase of Operation Endgame comes after May 2024’s mass operation against botnets and focused on the ‘initial access brokers’ – the criminal groups which supply the tools and access to penetrate organizations’ networks, which in turn underpin the ransomware attacks.
To date, international arrest warrants have been issued for 20 principal suspects responsible for these initial access services. The identities of all the people being sought have not been revealed, though authorities in Germany have added 18 suspects, mainly Russian citizens or Russian speakers, to the EU’s Most Wanted list.
Malware families taken down in this effort include well-known families such as Trickbot and Danabot, as well as Bumblebee, Latrodectus, Qakbot, Hijackloader, and Warmcookie.
These weapons are frequently employed in ransomware-as-a-service operations, allowing a wider array of hackers to target businesses, healthcare providers, and government organisations around the world.
Catherine De Bolle, the Executive Director of Europol, underscored the operation’s importance: “This new phase in the operation demonstrates law enforcement is committed to sit where cybercriminals feel safe and have the ability to strike all over again despite cybercriminals retooling and reorganizing. By obliterating the services criminals depend on to bring ransomware to bear, we’re shattering the kill chain at the start.”
This joint action confirms the dedication of global law enforcement agencies to mobilise against the growth of ransomware, which had reached unprecedented levels in 2024, despite past disruption efforts.
Law enforcement’s focus is on infrastructure, the necessary enabling tools and mechanisms, which means that nobody pays for the attacks and all the pilfered money evaporates if they attack a country. The investigation continues, and further arrests are expected as authorities seek the prosecution of those found to be responsible.