Europol takes down more than 1,000 malicious servers in Operation Endgame

The third phase of Operation Endgame, coordinated by Europol, took down more than 1,025 servers that officials said infected hundreds of thousands of victims worldwide with three leading malware strains.

Europol, the law enforcement agency of the European Union, said the most recent takedown in the ongoing campaign to disrupt the malware, botnets, and ransomware used by cybercriminals took place between Nov. 10 and Nov. 13.

Officials said a joint team of more than 100 law enforcement officers from leading EU countries, Australia, Canada, and the United States dismantled infrastructure that ran three prolific strains of malware: the infostealer Rhadamanthys, the remote access trojan VenomRAT, and the botnet Elysium.

As part of the effort, law enforcement made one arrest in Greece, reportedly of the person responsible for the VenomRAT tool, searched 11 locations in Germany, Greece and the Netherlands (nine of them Dutch sites), and seized more than 20 domains.

"The dismantled malware infrastructure consisted of hundreds of thousands of infected computers containing several million stolen credentials," said Europol. "Many of the victims were not aware of the infection of their systems. The main suspect behind the infostealer had access to over 100 000 crypto wallets belonging to these victims, potentially worth millions of euros."

Michael Bell, chief executive officer of Suzu, said that while takedowns are temporary because adversaries rebuild, operations like this force threat actors to invest resources in reconstitution rather than new attacks. Bell said this buys defenders time to harden systems and implement the stolen-credential mitigations that organizations should already have in place.

“This is the kind of coordinated disruption we need more of, and it validates the approach we've been advocating, which is that government can't do this alone, and neither can the private sector,” said Bell.

Trey Ford, chief strategy and trust officer at Bugcrowd, added that cybersecurity pros work hard to make it both expensive and dangerous to abuse technology for evil.

“We love seeing this,” said Ford. “One of the greatest challenges in pursuing criminals in cyberspace is the complexity of working across agencies in multiple countries. Working together is in everyone’s interest. Criminal groups are clearly collaborating, increasing efficiency and operational capability — seeing global law enforcement aligning to take on these groups is so encouraging.”

Adam Meyers, head of counter adversary operations at CrowdStrike, said Operation Endgame 3.0 shows what’s possible when law enforcement and the private sector work together. Meyers said disrupting the front end of the ransomware kill chain (the initial-access brokers, loaders, and infostealers) instead of just the operators themselves has a ripple effect through the eCrime ecosystem.

“By targeting the infrastructure that fuels ransomware, this operation struck the ransomware economy at its source,” said Meyers. “But disruption isn’t eradication. Defenders should use this window to harden their environments, close visibility gaps, and hunt for the next wave of tools these adversaries will deploy. Continued intelligence sharing between governments and private-sector partners will be key to maintaining this momentum and driving a lasting impact.”