
Multiple botnets dismantled in largest-ever international operation against ransomware

Operation Endgame to continue following a number of arrests, seizures and searches across the world
Image: Darwin Laganzon, Pixabay

30 May 2024

Several botnets that played a key role in global cybercrime have been dismantled. The first coordinated, international operation by investigative authorities brought down botnets IcedID, Smokeloader, SystemBC, Pikabot and Bumblebee. Four arrests have been made with a further eight subpoenas issued against suspects, and 16 searches were also made.

A botnet is a network of computers infected with malware. What makes botnets so dangerous is that the malware opens the door, so to speak, to other forms of cybercrime. A computer is often infected through a phishing attack by e-mail, where the victim is tricked into clicking on a malicious link or file. Users of the infected computers might be unaware of the malware infection. Botnets make it possible for cybercriminals to carry out ransomware attacks in particular, but also to commit financial fraud and other crimes. In a ransomware attack, the criminals demand a ransom, for example in bitcoin, before victims can get back into their systems or to refrain from leaking privacy-sensitive information.

The operation, the largest of its kind, has likely disrupted the entire infrastructure of many individuals and organisations who have made hundreds of millions of dollars from cybercrime. Beyond the bad actors directly involved in the development and deployment of botnets, millions of law-abiding individuals have also become victims because their systems were infected, making them part of these botnets. This large-scale operation has been dubbed Operation Endgame.

 


The investigations revealed that one of the main suspects earned €69 million in cryptocurrency from his criminal activities, which is being seized as soon as possible.

The joint actions were carried out by authorities in the UK, US, Netherlands, Germany, France and Denmark, with support from Europol and Eurojust. Action has also taken place in Ukraine, Switzerland, Armenia, Portugal, Romania, Canada, Lithuania, and Bulgaria involving the arrest or interrogation of suspects, searches, or the seizure and downing of servers.

Operation Endgame’s work is far from done and its ongoing progress will be announced on the website www.operation-endgame.com.

Internationally, the partners Cryptolaemus, Abuse.ch, Sekoia, Shadowserver, Team Cymru, Prodaft and Proofpoint made an important contribution.

News Wires


TechCentral.ie