Police in Europe and the US coordinated what authorities said was the largest ever action against botnets, infrastructure used to place malware such as ransomware on users’ and organisations’ systems, in a move that targeted the infrastructure of “dropper” software including IcedID, SystemBC, Pikabot, Smokeloader, Bumblebee and Trickbot.
Droppers are small pieces of code placed on targeted systems, usually via malicious email attachments, that are able to in turn download further malware onto the system, including ransomware.
By targeting botnets, infrastructure made up of hacked computers, authorities hoped to disrupt the ability of numerous malware actors to place their code onto victims’ computers.
The action, called “Operation Endgame”, was led by France, Germany and the Netherlands, supported by EU judicial cooperation agency Eurojust and involved Denmark, the UK and the US, with additional support from Armenia, Bulgaria, Lithuania, Portugal, Romania, Switzerland and Ukraine and private security companies.
In addition to taking down 100 servers in Europe, Canada and the US, authorities arrested one person in Armenia and three in Ukraine, searched 16 locations in Armenia, the Netherlands, Portugal and Ukraine, and took control of more than 2,000 domains.
The investigations revealed that one of the main suspects has earned at least 69 million euros (£59m) in cryptocurrency through renting out criminal infrastructure sites to deploy ransomware.
“The suspect’s transactions are constantly being monitored and legal permission to seize these assets upon future actions has already been obtained,” Europol said in a statement.
Authorities set up an Operation Endgame website where they said they would announce further actions.
“Operation Endgame does not end today,” Europol said.
Dutch police said the financial damage to individuals, organisations and governments inflicted by the botnets ran to the hundreds of millions of euros.
“Millions of people are also victims because their systems were infected, making them part of these botnets,” Dutch police said.
“This operation shows that you always leave tracks, nobody is unfindable, even online,” said Stan Duijf of the Dutch National Police in a video statement.
Germany is seeking the arrest of seven people suspected of being involved with the Trickbot malware organisation and an eighth person suspected of being one of the ringleaders behind Smokeloader.
Europol said the eight individuals were being added to its Most Wanted list.
CMA receives 'provisional recommendation' from independent inquiry that Apple,Google mobile ecosystem needs investigation
Government minister flatly rejects Elon Musk's “unsurprising” allegation that Australian government seeks control of Internet…
Northvolt files for Chapter 11 bankruptcy protection in the United States, and CEO and co-founder…
Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector
Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…
Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…