Four Arrested in Major International Anti-Malware Operation

AFP/APP

The Hague: Authorities arrested four people and took down or disrupted more than 100 servers in the “largest ever” operation against botnets that deploy ransomware, Europol said Thursday.

Dubbed Operation Endgame, the sweep was initiated and led by France, Germany and the Netherlands, with a French official saying they wanted to act before this summer’s Paris Olympics.

The May 27-29 operation led to one arrest in Armenia and three others in Ukraine, with searches in both countries as well as in the Netherlands and Portugal, Europol said.

The servers were located in Bulgaria, Canada, Germany, Lithuania, the Netherlands, Romania, Switzerland, Britain, the United States and Ukraine.

In addition to the four arrests, eight fugitive suspects linked to the case will be added to Europe’s Most Wanted list.

One of the suspects earned at least 69 million euros ($75 million) in cryptocurrency by renting out criminal infrastructure sites to disseminate ransomware, Europol said.

“This is the largest ever operation against botnets, which play a major role in the deployment of ransomware,” the agency based in The Hague said.

A botnet is a network of computers infected by malware and controlled by hackers.

Authorities targeted malware “droppers” — a type of software used to insert malicious software into a system — named IcedID, SystemBC, Pikabot, Smokeloader, Bumblebee and Trickbot.

Trickbot was used to launch ransomware attacks on US hospitals during the Covid pandemic.

The operation had “a global impact on the dropper ecosystem”, Europol said.

Droppers allow criminals to bypass security measures and deploy viruses, ransomware or spyware, the agency said.
