close
close

Four people arrested in major international anti-malware operation

Authorities arrested four people and disabled or disrupted more than 100 servers in the “largest operation ever” against botnets that use ransomware, Europol said on Thursday.

Operation Endgame was initiated and led by France, Germany and the Netherlands. A French official said they wanted to take action before the Summer Olympics in Paris.

The operation, which took place from May 27 to 29, resulted in one arrest in Armenia and three others in Ukraine. Searches were carried out in both countries as well as in the Netherlands and Portugal, Europol said.

The servers were located in Bulgaria, Canada, Germany, Lithuania, the Netherlands, Romania, Switzerland, the UK, the USA and Ukraine.

Advertisement – Scroll to continue


In addition to the four arrests, eight fugitive suspects linked to the case are placed on Europe’s most wanted list.

One of the suspects earned at least 69 million euros ($75 million) in cryptocurrency by renting out criminal infrastructure websites to spread ransomware, Europol said.

“This is the largest operation to date against botnets, which play an important role in the spread of ransomware,” said the agency based in The Hague.

Advertisement – Scroll to continue


A botnet is a network of computers infected with malware and controlled by hackers.

Authorities targeted malware “droppers” – a type of software used to inject malicious software into a system – called IcedID, SystemBC, Pikabot, Smokeloader, Bumblebee and Trickbot.

Trickbot was used to launch ransomware attacks on US hospitals during the Covid pandemic.

Advertisement – Scroll to continue


The operation has “global implications for the dropper ecosystem,” Europol said.

Droppers allow criminals to bypass security measures and spread viruses, ransomware or spyware, the agency said.

The agency said the operation was still ongoing and more arrests were expected.

Advertisement – Scroll to continue


“We wanted to carry out this operation before the Olympic Games,” Nicolas Guidoux, head of the French police’s cybercrime unit, told AFP.

He said it was “important to weaken the attacking infrastructure” and “limit their resources” before the global event, as authorities fear the country could become the target of numerous cyberattacks.

Authorities from Denmark, the United Kingdom and the United States also participated in Endgame, with additional support from Armenia, Bulgaria, Lithuania, Portugal, Romania, Switzerland and Ukraine.

Advertisement – Scroll to continue


The investigation was launched in 2022.

French investigators have identified the administrator of the SystemBC dropper, which Europol said enabled “anonymous communication between an infected system” and “command-and-control servers.”

The administrator of Pikabot – a Trojan horse that enables the deployment of ransomware, remote computer takeover and data theft – was also identified by the French authorities.

The French police were involved in the arrest of the suspect and the house search in Ukraine with the authorization of the local authorities, said Paris prosecutor Laure Beccuau.

bur-jcp/lth/db