International Law Enforcement Operation Takes Down Major Ransomware Infrastructure

In a significant crackdown on ransomware activities, authorities from seven nations executed a coordinated operation that resulted in the seizure of 300 servers and 650 domains associated with notorious cybercrime groups. This operation, known as Operation Endgame, took place from May 19 to 22 and was aimed at dismantling the technical infrastructure that supports ransomware attacks.

According to the official website for the joint action, the measures struck a decisive blow to the ransomware ecosystem. In addition to confiscating servers and domains, law enforcement seized cryptocurrency valued at EUR 3.5 million, bringing the total monetary recoveries during Operation Endgame to EUR 21.2 million.

Europol and Eurojust spearheaded the initiative, collaborating with private sector partners to target cybercriminal operations using various malware strains including Bumblebee, Latrodectus, Qakbot, DanaBot, Trickbot, and Warmcookie. These malware tools are often offered as a service to other cybercriminals, facilitating unauthorized access to victim networks.

Europol Executive Director Catherine De Bolle commented on the operation’s success, stating, “This new phase demonstrates law enforcement’s ability to adapt and strike again, even as cybercriminals retool and reorganise.” By dismantling these critical services, authorities aim to disrupt the operational capacity of ransomware perpetrators.

In a related effort, the U.S. Department of Justice unsealed charges against 16 individuals alleged to be part of a Russian crime syndicate running the DanaBot malware operation. The malware has allegedly infected over 300,000 computers worldwide, leading to damages exceeding $50 million.

The complaint states that DanaBot has been active since 2018, functioning on a malware-as-a-service model. Its capabilities include hijacking banking sessions and facilitating extensive cyber espionage. The U.S. authorities noted the sophisticated nature of this operation, indicating a serious threat to both individual and national security.

This operation builds upon prior phases of Operation Endgame, which have included the seizure of over 100 servers linked to multiple malware loader operations and the arrest of key cybercriminal figures, reflecting ongoing international efforts to combat cybercrime.