Large global malware operation: 4 people arrested and more than 100 servers taken offline


Four people were arrested and more than 100 servers taken offline during “the largest operation ever carried out” against malware playing a major role in the deployment of ransomware, Europol announced Thursday.

Called “Endgame”, the international operation had “a global impact on the dropper ecosystem”, Europol said, referring to a type of software used to insert other malware into a target system.

In addition to the four arrests made in Armenia and Ukraine, eight individuals linked to these criminal activities will be added to the list of Europe’s most wanted people.

This raid, coordinated between May 27 and 29 from the headquarters of the European Police Agency in The Hague, gave rise to nearly twenty searches in Armenia and Ukraine, as well as in Portugal and the Netherlands.

More than 100 servers were seized in different European countries, the United States and Canada.

According to the investigation, opened in 2022, one of the main suspects earned at least 69 million euros in cryptocurrency by renting criminal infrastructure for the deployment of ransomware, said the European judicial agency Eurojust.

The authorities first targeted the groups behind the six malware families: IcedID, SystemBC, Bumblebee, Smokeloader, Pikabot and Trickbot.

These “droppers” are associated with at least 15 ransomware groups, the German Federal Criminal Police Office and the Frankfurt Public Prosecutor’s Office said in a joint statement.

“Main threat”

The droppers “allow criminals to bypass security measures and deploy harmful programs”, explained Europol.

“They themselves generally do not cause direct damage, but are crucial for accessing and implementing harmful software on affected systems,” added the agency.

“All are now used to deploy ransomware and are considered the main threat in the infection chain,” it clarified.

French investigators identified the administrator of “SystemBC”, mapped the infrastructure linked to the “dropper”, and coordinated the dismantling of dozens of control servers, said the Paris public prosecutor, Laure Beccuau, in a press release.

SystemBC facilitated anonymous communication between an infected system and command and control servers, Europol said.

The administrator of Pikabot – allowing the deployment of ransomware, the remote takeover of computers and the theft of data – was also identified by French authorities.

They arrested him and searched his home in Ukraine, with the assistance of the Ukrainian authorities, said Ms. Beccuau.

French investigators also identified one of the main actors behind “Bumblebee”, questioned him in Armenia and carried out search operations there.

Bumblebee, distributed primarily through phishing campaigns or compromised websites, was designed to enable the deployment and execution of other attacks.

“Trickbot” was used in particular to ransom hospitals and health centers in the United States during the Covid-19 pandemic.

“We wanted to do this operation before the Olympic Games” of Paris this summer, Nicolas Guidoux, head of the anti-cybercrime office of the judicial police (Ofac), who coordinated the operation on the French side, told AFP.

“It is important to weaken attacking infrastructures, to limit their means” before this global event, where the authorities fear numerous cyberattacks, he noted.

Only after analyzing the dismantled servers will the authorities be able to give an estimate of the number of victims, he said. They should number in the hundreds of thousands.

Operation Endgame continues and further arrests are expected, Europol said.
