Four people have been arrested in the “largest ever operation against botnets,” EU police force Europol announced on Thursday.
The Netherlands, Germany, and France led the sting, dubbed “Operation Endgame.” According to Dutch police, their investigation uncovered financial damages totalling “hundreds of millions” of euros. They also estimate that the malware has infected millions of systems.
The botnets’ primary purpose was deploying ransomware. One suspect alone earned an estimated €69mn in cryptocurrency from the scheme.
Operation Endgame struck the network between May 27 and 29, Europol said. Officers conducted searches in 16 locations: 11 in Ukraine, one in Armenia, three in Portugal, and one in the Netherlands. They targeted evidence of “droppers,” a type of Trojan horse designed to install malware.
The sting led to three arrests in Ukraine and one in Armenia. Police said they also took down over 100 servers and seized control of more than 2,000 domain names.
Investigators have also promised further takedowns. On a flashy website available in English and Russian, they posted a warning:
“Operation Endgame does not end today.”
Botnets running wild
The European sting surfaced just hours after another major botnet takedown.
On Wednesday, US authorities announced that they had disrupted a network accused of stealing $5.9bn (€5.45bn). They said the operators had deployed the botnet for cyber attacks, large-scale fraud, child exploitation, harassment, bomb threats, and export violations.
Police arrested Chinese national YunHe Wang, 35, for his role in the scheme. They also seized assets including 21 properties, one Ferrari, two BMWs, a Rolls Royce, and several luxury watches, as well as over a dozen bank accounts and two dozen cryptocurrency wallets.
Jake Moore, Global Cybersecurity Advisor at Slovakian firm ESET, was struck by the sophistication of the botnets.
“Collaborative efforts increase the chances of identifying those responsible but the sheer length of time this botnet has been in operation highlights the skills and tools available to threat actors and how they can successfully operate for so long whilst hidden in the digital shadows,” he said.