Cybercrime
,
Fraud Administration & Cybercrime
Police Take Down 300 Servers Worldwide, Neutralize 650 Domains
Legislation enforcement in a European-led operation towards malware typically used as a precursor to ransomware took down 300 servers worldwide, police stated Friday.
See Additionally: Why Cyberattackers Love ‘Residing Off the Land’
In a coordinated operation that ran between Could 19 to Could 22, European, British and U.S. cyber defenders additionally neutralised 650 domains linked to malware strains together with Bumblebee, Lactrodectus, Qakbot, Hijackloader, DanaBot, Trickbot and Warmcookie. “A direct blow to the ransomware kill chain,” Europol stated.
“Operation Endgame” moreover resulted in worldwide arrest warrants towards 20 suspected Russian nationwide malware builders, many already needed in the US. Legislation enforcement had cooperated this time final yr below the identical Operation Endgame rubric to take down botnets in a sweep Eurpopol referred to as the “largest-ever worldwide motion towards botnets” (see: European Police Take Down Botnet Servers, Make Arrests).
This yr’s successor operation “focused new malware variants and successor teams that re-emerged after final yr’s takedowns, reinforcing legislation enforcement’s capability to adapt and strike again – at the same time as cybercriminals retool and reorganise,” Europol stated.
The operation got here throughout every week crammed with takedowns and indictments. U.S. authorities stated Thursday they seized command and management servers utilized by operators of the DanaBot malware whereas unsealing indictments towards 16 members of the Russia-based cybercrime gang that deployed it (see: US Takes Down DanaBot Malware, Indicts Builders).
U.S. legislation enforcement and Microsoft on Wednesday introduced seizure of the central command construction and hundreds of on-line domains used to regulate the Lumma Stealer. Federal prosecutors unsealed an indictment towards Russian nationwide Rustam Rafailevich Gallyamov, 48, for Qakbot malware operation since its inception in 2008 as a banking Trojan (see: Breach Roundup: US Indicts Qakbot Malware Chief).
Malware focused by authorities this week typically ends in a ransomware assault, with hackers behind the preliminary malware an infection promoting entry to compromised machines to ransomware teams or collaborating immediately with ransomware operators.
Domains focused within the newest motion embody 50 servers in Germany. The Public Prosecutor’s Workplace in Frankfurt listed 18 people affiliated linked to Trickbot and Qakbot to the EU Most Wished record.
