By James Simons-
Four high-value suspects have been arrested and major ransomware networks dismantled, according to the European Union’s judicial co-operation agency, Eurojust. This coordinated effort marks the largest global crackdown on ransomware to date, targeting computer networks responsible for spreading ransomware through infected emails.
The operation, orchestrated by Eurojust, involved synchronized police raids across multiple countries, including Germany, the Netherlands, France, Denmark, Ukraine, the United States, and the United Kingdom. Eurojust announced that the raids resulted in the takedown of more than 100 servers and the seizure of control over approximately 2,000 internet domains.
Dutch police estimated that the financial damage inflicted by these networks on governments, businesses, and individual users amounts to hundreds of millions of euros. “Millions of people are also victims because their systems were infected, making them part of these botnets,” the Dutch police stated.
Eurojust highlighted that one of the principal suspects amassed cryptocurrency worth at least 69 million euros (£58.7 million) by renting out criminal infrastructure used to spread ransomware. The operation specifically targeted malware droppers such as IcedID, Pikabot, Smokeloader, Bumblebee, and Trickbot. Droppers are malicious software typically distributed through emails containing infected links or attachments disguised as shipping invoices or order forms.
“This operation shows that you always leave tracks, nobody is unfindable, even online,” Stan Duijf of the Dutch National Police said in a video statement. Martina Link, the deputy head of Germany’s Federal Criminal Police Office, hailed the operation as “the biggest international cyber police operation so far.” She added, “Thanks to intensive international co-operation, it was possible to render six of the biggest malware families harmless.”
German authorities are currently investigating seven individuals suspected of being members of a criminal organization dedicated to spreading the Trickbot malware. An eighth person is suspected of being one of the ringleaders behind the Smokeloader malware group.
This significant operation follows the massive takedown of the Emotet botnet in 2021, underscoring the ongoing global efforts to combat cybercrime.
The successful dismantling of these ransomware networks is seen as marking a crucial victory in the fight against cybercriminals, demonstrating the power of international collaboration in tackling complex and widespread cyber threats.