Law enforcement and judicial authorities in the UK, EU and US have taken down 300 servers worldwide during a week-long mission targeting key infrastructures behind the launch of ransomware attacks.
As part of the Europol and Eurojust coordinated mission, called Operation Endgame, authorities neutralised 650 domains and issued international arrest warrants against 20 targets, with €3.5 million in cryptocurrency seized during the week of action, bringing the total amount seized to over €21.2 million.
From 29 to 22 May, mission focused on new malware variants and successor groups that re-emerged after previous takedowns last year.
The mission, called Operational Endgame, specifically targeted “early access”, the tools malware tools cybercriminals use to infiltrate systems unnoticed before distributing ransomware.
By disabling these access points, investigators hit the beginning of the cyber-attack chain, disrupting the entire cybercrime-as-a-service ecosystem.
During the week of action, a command post supervising the mission intelligence was set up at Europol’s headquarters in The Hague, with investigators from Canada, Denmark, France, Germany, the Netherlands, the UK and the US collaborating with Europol’s European Cybercrime Centre and its Joint Cybercrime Action Task Force.
Several malware strains were neutralised during the action, including Bumblebee, Lactrodectus, Qakbot, Hijackloader, DanaBot, Trickbot and Warmcookie, Europol confirmed.
Several key suspects behind the malware operations are now the subject of international and public appeals.
The German authorities will publish 18 of them on the EU’s most wanted list on Friday.
Catherine De Bolle, executive director of Europol, said that the mission demonstrates the ability for law enforcement to adapt as cybercriminals retool and reorganise.
“By disrupting the services criminals rely on to deploy ransomware, we are breaking the kill chain at its source,” she added.
