23-05-2025
Europol: Global anti-malware crackdown leads to 20 arrest warrants
THE HAGUE: A coordinated international operation this week disrupted some of the world's "most dangerous malware" and led to the issuance of 20 arrest warrants, European Union anti-crime bodies Europol and Eurojust said today.
Authorities took down more than 300 servers worldwide, neutralised 650 domains and seized €3.5 million in cryptocurrency, they said.
The coordinated crackdown has dealt "a direct blow to the ransomware kill chain", breaking it "at its source", said Europol, the European Union's criminal police agency.
The software taken down, known as "initial access malware", is used "for initial infection, helping cybercriminals to enter victims' systems unnoticed and load more malware onto their devices, such as ransomware", the Hague-based agencies said.
The crackdown -- involving authorities from Britain, Canada, Denmark, France, Germany, the Netherlands and the United States -- is a continuation of Operation Endgame, the largest-ever police operation against botnets.
Between Monday and yesterday, the operation enabled the countries involved "to take action against the world's most dangerous malware variants and the perpetrators behind them", said Eurojust, the EU Agency for Criminal Justice Cooperation.
"Thirty-seven suspects were identified, and international arrest warrants were obtained against 20 individuals criminally charged."
In total, "€3.5 million in cryptocurrency" was seized, the agencies added, bringing the total amount of cryptocurrency seized during Endgame to €21.2 million.
During the first phase of Endgame, in May 2024, four people were arrested and 100 servers were neutralised, they said.
"This year during Endgame 2.0, the measures targeted the successor groups of malware taken down by the authorities and other relevant variants -- Bumblebee, Latrodectus, Qakbot, DanaBot, HijackLoader, Trickbot and WarmCookie.
"As these variants are at the beginning of the cyberattack chain, disrupting them damages the entire 'cybercrime as a service' ecosystem," they said.
Such malware enables users to spy on data or encrypt a system in order to extort a ransom.
About 50 of the servers neutralised this week were in Germany, the German authorities said.
"In Germany, investigations focused particularly on suspicions of organised extortion and membership of a foreign criminal organisation," according to the federal police and the Frankfurt public prosecutor's office in charge of combatting cybercrime.
German authorities also obtained international arrest warrants for the 20 people, "most of them Russian nationals", and launched search operations, they added.