Europol Shuts Down 2000 Malicious Cybercriminal Domains

In one of the largest international law enforcement operations in history, codenamed “Operation Endgame,” authorities have successfully disabled some of the most influential botnets involved in distributing malware and large-scale ransom demands.

Botnets Disconnected

Those disabled include IcedID, SystemBC, Pikabot, SmokeLoader, Bumblebee, and Trickbot, harmful software used by at least 15 cybercriminal groups such as BlackBasta, REvil, and Conti to distribute ransomware and steal data. These ‘droppers’ (a type of malware that poses as legitimate software) would infect computers and networks, then download the actual malicious software.

International Effort

According to reports from Therecord.media, the operation involved hundreds of law enforcement officers from various countries. They were able to deactivate or disable 100 servers used by criminals, and seize over 2,000 malicious domains. The page now shows the following Interpol placeholder:

Image source: Therecord.media

Arrests and Investigations

One suspect was apprehended in Armenia and three others in Ukraine, while in Germany, arrest warrants were issued for eight individuals believed to be connected with Trickbot and SmokeLoader. These criminals used phishing and spyware to penetrate victims’ networks and made ransom demands worth millions of dollars.

Police also uncovered that one of the main suspects earned at least €69 million in cryptocurrency by renting out infrastructure for hosting ransomware sites. In total, the operation blocked around 100 crypto-wallets amounting to over €70 million.

Searches and seizures were conducted in multiple countries, bringing to light evidence that may prompt further investigations. Representatives from Europol stated that the operation will be ongoing and that other participants will be held accountable.

US Action Against Cybercrime

This week in the US, sanctions were imposed against the operators of the 911 S5 botnet, which was being used to commit large-scale crimes. Its alleged administrator was arrested. This operation represents a significant blow against organized cybercrime.
