Four arrested in world’s largest malware network operation, Europol says

A person's hand rests on an illuminated keyboard. ©AP Photo/Ted S. Warren, FILE

Police arrested four people and took down 100 servers across Europe and North America in a major sweep against malware, Europol said.

The European Union’s law enforcement agency also said over 2,000 domains were now under the control of law enforcement.

Operation Endgame, which was carried out between May 27 and 29, was “the largest ever operation against botnets, which play a major role in the deployment of ransomware,” Europol said.

IcedID, Smokeloader, SystemBC, Pikabot and Bumblebee are some examples of the botnets that are now disabled.

Three Ukrainian nationals and one Armenian were arrested, with ten more international arrest warrants also issued.

One of the main suspects in the operation earned at least €69 million in cryptocurrency by renting out sites that would deploy ransomware.

Finding the suspects took a coordinated effort from around the world, Europol said, with the operation initiated and led by France, Germany and the Netherlands.

“Law enforcement authorities have managed to deal a significant blow to the cybercrime scene,” Martina Link, vice president of Germany’s Federal Criminal Police Office, said in a statement. “Thanks to intensive, international cooperation, six of the largest malware families were rendered harmless,” she added.

More than 20 law enforcement officers from Denmark, France, Germany and the United States coordinated hundreds of officers on the ground as well as several virtual command posts, with Armenian, French, Portuguese and Ukrainian officers in the field.

Laure Beccuau, France’s public prosecutor, said in a statement that these types of malware attacks “number in the hundreds every year,” and are often committed against private companies, individuals and public institutions, like hospitals.

From 2022 to 2023, the number of cyberattacks in France increased by 30 per cent, she said.

Europol defines malware droppers, the type of technology seized in this operation, as a type of malicious software that lets cybercriminals bypass security measures on a device and then secretly install viruses, ransomware or spyware on it.

Droppers are also designed to avoid detection by security software, either by changing their code or by impersonating legitimate software processes.
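The two evasion tactics Europol mentions map onto two very different detection problems, which the following added example (not part of the Euronews article or of any Europol material) illustrates from a defender's side. It assumes a constructed, non-authoritative table of where a few Windows system binaries normally live, a constructed process listing, and a constructed "known bad" hash; it shows that a process masquerading as a system binary can be spotted by checking its on-disk location, while a hash-based signature is defeated the moment the dropper's code changes by a single byte.

```python
import hashlib
from pathlib import PureWindowsPath

# Constructed sample data: where a handful of Windows system binaries are
# expected to be found. Real deployments would use a vetted, fuller list.
EXPECTED_IMAGE_DIRS = {
    "svchost.exe": {r"C:\Windows\System32", r"C:\Windows\SysWOW64"},
    "explorer.exe": {r"C:\Windows"},
    "lsass.exe": {r"C:\Windows\System32"},
}

# Constructed process listing, as a host-inventory or EDR export might show it.
SAMPLE_PROCESSES = [
    {"pid": 812, "image": r"C:\Windows\System32\svchost.exe"},
    {"pid": 4410, "image": r"C:\Users\Public\svchost.exe"},
    {"pid": 5012, "image": r"C:\Windows\explorer.exe"},
    {"pid": 6120, "image": r"C:\Users\alice\AppData\Local\Temp\lsass.exe"},
    {"pid": 7001, "image": r"C:\Program Files\Editor\editor.exe"},
]


def is_masquerading(image_path: str) -> bool:
    """True if a process uses a well-known system binary name but runs
    from a directory where that binary is not expected (name impersonation)."""
    path = PureWindowsPath(image_path)
    expected = EXPECTED_IMAGE_DIRS.get(path.name.lower())
    if expected is None:
        # Unknown name: this check has no opinion; other controls must decide.
        return False
    parent = str(path.parent).lower()
    return parent not in {d.lower() for d in expected}


def find_masquerading(processes) -> list:
    """Return the PIDs of processes flagged as impersonating system binaries."""
    return [p["pid"] for p in processes if is_masquerading(p["image"])]


# Constructed "known bad" SHA-256 for a hypothetical dropper build.
KNOWN_BAD_SHA256 = {hashlib.sha256(b"DROPPER-SAMPLE-build-1").hexdigest()}


def matches_known_hash(file_bytes: bytes) -> bool:
    """Hash-based signature check: exact match against the known-bad set."""
    return hashlib.sha256(file_bytes).hexdigest() in KNOWN_BAD_SHA256


if __name__ == "__main__":
    print("masquerading PIDs:", find_masquerading(SAMPLE_PROCESSES))
    original = b"DROPPER-SAMPLE-build-1"
    rebuilt = b"DROPPER-SAMPLE-build-2"  # same tool, one byte changed
    print("original matches signature:", matches_known_hash(original))
    print("rebuilt matches signature:", matches_known_hash(rebuilt))
```

The location check flags PIDs 4410 and 6120 because a `svchost.exe` or `lsass.exe` outside the Windows system directories has no legitimate reason to exist, whereas the hash check recognises only the exact build it was written for and misses the trivially changed copy. That asymmetry is why behavioural and contextual checks (process location, parent process, code-signing status) are used alongside hash-based signatures against droppers that rewrite themselves between campaigns.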

Europol said the operation is not yet over.

“Suspects involved in these and other botnets who have not yet been arrested, will be directly called to account for their actions,” the law enforcement agency said.

© Euronews