Authorities claim to have broken key links in the ‘ransomware kill chain’…for now at least


Europol, the DoJ and other law enforcement agencies “neutralized” a swathe of malware strains this week, which they said was a “direct blow to the ransomware kill chain.”

The actions were part of the ongoing Operation Endgame which targeted a series of botnets just over a year ago.

But it’s worth remembering that the latest actions were largely focused on “malware variants and successor groups” that sprang up after last year’s operation.

The Eurocops said in a statement that, together with Eurojust, they had coordinated actions that had “dismantled key infrastructure behind the malware used to launch ransomware attacks” since the beginning of the week.

This had involved taking down 300 servers worldwide, spiking 650 domains and issuing international arrest warrants against 20 targets. The authorities also seized €3.5 million of cryptocurrency. That raises the total pot seized by the operation to €21.5 million.

The DoJ trumpeted its indictment of Rustam Rafailevich Gallyamov, 48, alleged to be the leader of the group behind the Qakbot malware strain.

It has also issued a forfeiture complaint for $24 million seized from Gallyamov over the course of the investigation. However, that is likely to be as hard as they can hit him, as he is based in Moscow.

And this isn’t the first time Qakbot has sustained what authorities thought was a killer blow.

“Mr. Gallyamov’s bot network was crippled by the talented men and women of the FBI and our international partners in 2023, but he brazenly continued to deploy alternative methods to make his malware available to criminal cyber gangs conducting ransomware attacks against innocent victims globally,” said Akil Davis, Assistant Director in Charge, at the FBI’s Los Angeles Field Office.    

Other strains Europol said had been neutralized include Bumblebee, Latrodectus, Hijackloader, DanaBot, Trickbot and Warmcookie.

The identities of 18 suspects are due to hit the EU Most Wanted List today.

However, if they are proximate neighbours of Gallyamov, while some of their assets might be vulnerable to Western authorities, it’s unlikely they’ll be in custody anytime soon.

Also this week, Europol worked with Microsoft to “disrupt” Lumma Stealer, which it described as the world’s “most significant infostealer threat”. The operation identified almost 400,000 infected computers and saw 1,300 domains seized.

And Europol claimed that an “international sweep” dubbed Operation RapTor had led to the arrest of 270 dark web vendors and buyers, spanning drugs, weapons and counterfeit goods. Seizures included €184 million in cash and crypto, two tonnes of drugs, and over 180 weapons.

Join peers following The Stack on LinkedIn