Law Enforcement Busts Initial Access Malware Used to Launch Ransomware

A major law enforcement operation has successfully dismantled key initial access malware used to launch ransomware attacks.
The Europol co-ordinated action, announced on May 23, represents the latest phase of ‘Operation Endgame’, an ongoing effort by international law enforcement agencies aimed at dismantling and prosecuting cybercriminal organizations around the world.
This new phase focused on malware variants used to launch ransomware attacks, a key component of the cybercrime-as-a-service (RaaS) ecosystem.
Law enforcement agencies were able to neutralize numerous malware strains commonly used by initial access brokers in the RaaS marketplace. These were:
“These variants are commonly offered as a service to other cybercriminals and are used to pave the way for large-scale ransomware attacks,” Europol noted.
In total, authorities took down 300 servers worldwide and 650 domains associated with these malware strains from May 19-22.
In addition, international arrest warrants have been issued against 20 individuals believed to be providing or operating initial access services to ransomware operators.
Around €3.5m ($3.9m) in cryptocurrency was seized by law enforcement in the action week, bringing the total amount seized during Operation Endgame to €21.2m ($24m).
Europol said the operation has dealt a “direct blow” to the ransomware kill chain.
Investigators from Canada, Denmark, France, Germany, the Netherlands, the UK and the US worked with Europol’s European Cybercrime Centre and its Joint Cybercrime Action Taskforce to implement the operational action plan.
Latest Wave of Cybercrime Crackdown
The latest phase of Operation Endgame follows on from the largest ever law enforcement action against botnets in May 2024, which disrupted malware droppers such as IcedID, SystemBC, Pikabot, Smokeloader, Bumblebee and TrickBot.
Bumblebee and TrickBot re-emerged following this action and were targeted again in the latest takedown.
The latest phase of Operation Endgame follows a raft of separate law enforcement actions against international cybercrime in the past few days.
This includes a co-ordinated operation between Microsoft and law enforcement agencies to disrupt the infrastructure behind one of the world’s most notorious infostealer operations, Lumma Stealer.
Additionally, Europol announced the results of Operation RapTor on May 22, which targeted fentanyl and opioid trafficking, as well as the sales of other illicit goods and services on the dark web.
Operation RapTor resulted in 270 arrests of dark web vendors and buyers across four continents.
Charges Issued Against QakBot and DanaBot Operators
In conjunction with Operation Endgame, US authorities have issued charges against a number of individuals suspected of involvement in developing and deploying the QakBot and DanaBot malware, respectively.
A federal indictment on May 22 charged Rustam Rafailevich Gallyamov, 48, of Moscow, Russia, with leading a group of cybercriminals who developed and deployed the QakBot malware.
A separate federal indictment has charged 16 Russians for allegedly developing and deploying the DanaBot malware.
The US highlighted the role of Amazon, CrowdStrike, ESET, Flashpoint, Google, Intel 471, Lumen, PayPal, Proofpoint, SpyCloud, Team Cymru and Zscaler in the DanaBot investigation.