
Task Force Triumphs in Shutting Down Six Notorious Malware Droppers

Europol led an international takedown of malware droppers used in ransomware attacks, arresting key figures and disrupting their infrastructure.



This is the biggest-ever international operation against ransomware, coordinated by the justice and police agencies of the European Union. Police have taken down the computer networks that spread ransomware via infected emails. Eurojust, the EU-wide judicial cooperation agency, announced on Thursday that four high-value suspects were arrested, 100 servers were taken down, and more than 2,000 internet domains were seized. The crackdown targeted six malware droppers, malicious programs that play an important role in hacking campaigns.

Europol, which led the task force, announced today that it has disrupted the infrastructure behind these programs. In the takedown, hundreds of law enforcement officers from Denmark, France, Germany, the Netherlands, the United Kingdom, and the United States were involved. This was the largest-ever botnet takedown according to Europol. 

The Europol-led international law enforcement operation was announced alongside numerous arrests, searches, seizures and takedowns targeting the malware droppers and their operators. In the early days of Operation Endgame, the EU task force coordinated with its US and UK law enforcement partners to disrupt droppers including IcedID, Bumblebee, SystemBC, Pikabot, Smokeloader and Trickbot.

For those unfamiliar with the term, a dropper is malware that facilitates the installation of other malware. In most cases the dropper is installed first, as part of the initial access stage, and is delivered through phishing emails and other common methods of getting onto a system. "The largest ever operation against botnets, which are a major contributor to ransomware deployment, has been launched by Europol with Operation Endgame," Europol said at the beginning of the operation.

According to the international cop group, law enforcement agencies coordinated to make four arrests, search 16 locations, seize over 100 servers, including some located in the US and UK, and take down more than 2,000 domains that had been used to distribute malware and commit other cyber crimes. Three of the arrests were made in Ukraine and the fourth in Armenia. The main suspects were not identified and their names were not released, but Europol said the investigation revealed at least €69m in cryptocurrency that they earned by renting out their illegal infrastructure for ransomware deployments.

In addition to the four arrests made by German law enforcement, eight fugitives were added to the EU's most wanted list for their involvement in the cybercrime that Operation Endgame targeted, as well as other serious cybercrime activity. Separately, the U.S. Department of Justice recently announced that it had disrupted the 911 S5 residential proxy network, which is thought to be the world's largest botnet. Droppers are also sometimes tasked with performing other duties in addition to dropping.

Code obfuscation is a common feature of these programs: obscuring the code makes the malware less susceptible to reverse engineering. As a result, cybersecurity professionals have a harder time understanding what a malicious program does, which complicates both identifying it and preventing breaches. Over 100 servers associated with the spread of malware droppers were shut down or disrupted in the Europol-led takedown announced today.

The machines were scattered across roughly a dozen countries around the globe. In addition to the domain names, officials also seized over 2,000 IP addresses. Europol confirmed that the disruption of this infrastructure affected six of the most well-known cybercrime droppers: IcedID, SystemBC, Pikabot, Smokeloader, Bumblebee and Trickbot. Over the course of the investigation, four arrests related to the droppers have been made, and eight suspects have been added to Europe's Most Wanted list as fugitives.

The disrupted hacking operation is estimated to have caused hundreds of millions of dollars in damage to the economy. The coordinated international effort disrupted cybercriminals targeting individuals, companies, and government agencies. Europol reported that the takedown had a significant global impact, dismantling infrastructure used to distribute malware that facilitated ransomware and other attacks.

This development follows the U.S. Justice Department's announcement of disrupting a massive botnet, known as 911 S5, which infected millions of computers. Law enforcement successfully apprehended the botnet's operator and disabled the servers responsible for powering the malware.