Europol Conducts Largest Global Operation Against Malware, Making Four Arrests

Europol announced today the successful completion of "Endgame," the largest ever international operation targeting malware, resulting in four arrests and the dismantling of over 100 servers. This extensive operation marks a significant blow to the dropper ecosystem, a critical component in the spread of ransomware.

The operation led to arrests in Armenia and Ukraine, and eight more individuals associated with these criminal activities are now listed among Europe’s most wanted. The coordinated effort, conducted from May 27 to 29, involved multiple investigations across Armenia, Ukraine, Portugal, and the Netherlands, as well as seizures in several European countries, the United States, and Canada.

"Endgame" began in 2022 and revealed that one of the primary suspects had earned at least €69 million in cryptocurrency by renting out criminal infrastructure. This infrastructure was used to deploy various types of malware, including IcedID, SystemBC, Bumblebee, Smokeloader, Pikabot, and Trickbot. These malware families are connected to at least 15 ransomware groups, according to the German federal police and the Frankfurt public prosecutor's office.

Droppers, which introduce other malware into targeted systems, play a crucial role in the infection chain. They allow cybercriminals to bypass security measures and deploy malicious software, making them a key threat. The "SystemBC" dropper, for example, facilitates anonymous communication between compromised systems and control servers, while "Pikabot" allows for remote control and data theft.

French authorities, who tracked down and dismantled parts of the "SystemBC" network, arrested the "Pikabot" administrator in Ukraine with the help of local authorities. They also identified a key player behind "Bumblebee" and conducted searches and examinations in Armenia.

"Trickbot," another malware targeted by the operation, was notably used to ransom hospitals and healthcare centers in the US during the COVID-19 pandemic. Nicolas Guidoux, head of the French judicial police's cybercrime unit, emphasised the importance of this operation ahead of the Paris Olympics this summer, where authorities anticipate a heightened risk of cyber attacks.

Authorities are currently analysing the seized servers to estimate the number of victims, which is expected to be in the hundreds of thousands. Operation Endgame continues, and more arrests are anticipated, Europol concluded.

(Source: Kathimerini)
