Europol hits malware network in major cybercrime operation

International authorities have carried out a major operation targeting malware, with four people arrested in Armenia and Ukraine and more than 2,000 domains taken under the control of law enforcement, Europol said on Thursday.

“The actions focused on disrupting criminal services through arresting High Value Targets, taking down the criminal infrastructures and freezing illegal proceeds. This approach had a global impact on the dropper ecosystem,” the EU’s law enforcement agency said.

Malware is the name given to any software that allows cybercriminals to secretly connect with peoples’ computers for malicious purposes.

Besides the four arrests, eight fugitive suspects were also added to the Most Wanted List.

“With the largest international cyber police operation to date, law enforcement authorities have dealt a significant blow to the cybercrime scene,” Martina Link, vice president of Germany’s federal criminal police office, said in a statement.

What do we know about the operation?

According to Europol, the operation was “the largest ever […] against botnets, which play a major role in the deployment of ransomware,” software smuggled onto a computer that permanently blocks access to the user’s personal data unless money is paid to the criminal behind it.

The botnets dismantled during the operation between May 27 and 29 included IcedID, Smokeloader, SystemBC, Pikabot and Bumblebee, it said.

A botnet is a network of devices that can be remotely controlled, even without the owner’s knowledge, by cybercriminals for malicious ends.

The sting, dubbed Operation Endgame, was initiated and led by France, Germany and the Netherlands.

Several other countries, including Britain, the United States and Ukraine, were also involved, Europol said in its statement, adding that 16 police searches were conducted in four different countries.

“This operation shows that you always leave tracks; nobody is unfindable, even online,” Stan Duijf of the Dutch National Police said in a video statement.

Investigators said one of the main suspects earned at least €69 million ($74.5 million) in cryptocurrency by renting out criminal infrastructure sites to deploy ransomware.

Europol said the operation was still ongoing and that more people were expected to be arrested.

Germany hails operation

German Interior Minister Nancy Faeser has called the police operation a major blow to criminals online.

She said the dimensions of the operation showed “how hard we are hitting and the
dimension we are dealing with here.”

According to Faeser, the sting had destroyed infrastructure used in ransomware attacks that “are causing massive economic damage to German business,” she said.