



THE HAGUE, Netherlands — Coordinated police and European Union law enforcement agencies have taken down computer networks responsible for spreading ransomware through infected emails, in what they called the biggest ever international operation against the lucrative form of cybercrime.

The European Union's judicial cooperation agency, Eurojust, said Thursday that police arrested four high-value suspects, took down more than 100 servers and seized control of more than 2,000 Internet domains.

This week's major takedown, codenamed Endgame, involved coordinated actions in Germany, the Netherlands, France, Denmark, Ukraine, the United States and the United Kingdom, Eurojust said. Also, three suspects were arrested in Ukraine and one in Armenia. The searches were carried out in Ukraine, Portugal, the Netherlands and Armenia, the EU police agency Europol added.

It is the latest international operation aimed at disrupting malware and ransomware operations. It followed a massive takedown in 2021 of a botnet called Emotet, Eurojust said. A botnet is a network of hijacked computers commonly used for malicious activities.

Europol vowed that this would not be the last takedown.

“Operation Endgame does not end today. New actions will be announced on the Operation Endgame website,” Europol said in a statement.

Dutch police said the financial damage caused by the network to governments, companies and individual users is estimated to run into hundreds of millions of euros (dollars).

Millions of people are also victims because their systems were infected, making them part of these botnets, the Dutch statement said.

Eurojust said one of the main suspects earned at least 69 million euros ($74 million) worth of cryptocurrency by renting out the criminal infrastructure for spreading the ransomware.

The transactions of the suspects are being continuously monitored and legal permission has already been obtained to seize these assets in future actions, the EU police agency Europol added.
The operation targeted malware launchers called IcedID, Pikabot, Smokeloader, Bumblebee and Trickbot. A dropper is malicious software that is usually spread in emails that contain infected links or attachments such as shipping invoices or order forms.

“This approach had a global impact on the dropper ecosystem,” Europol said. The malware, whose infrastructure was removed during the days of the action, facilitated attacks with ransomware and other malicious software.

Dutch police said the actions should put cybercriminals on notice that they could be caught.

“This operation shows that you always leave traces, no one is untraceable, even on the Internet,” Stan Duijf, of the Dutch National Police, said in a video statement.

The deputy head of Germany's Federal Criminal Police Office, Martina Link, described it as the largest international cyber police operation to date.

Thanks to intensive international cooperation, it was possible to render harmless six of the largest malware families, she said in a statement.

German authorities are seeking the arrest of seven people suspected of being members of a criminal organization whose purpose was to spread the Trickbot malware. An eighth person is suspected to be one of the ringleaders behind Smokeloader.

Europol said it was adding the eight suspects wanted by Germany to its most wanted list.

___

Associated Press writer Geir Moulson in Berlin contributed to this report.

