As a part of the most recent “season” of Operation Endgame, a coalition of legislation enforcement businesses have taken down about 300 servers worldwide, neutralized 650 domains, and issued arrest warrants in opposition to 20 targets.
Operation Endgame, first launched in Could 2024, is an ongoing legislation enforcement operation focusing on providers and infrastructures helping in or straight offering preliminary or consolidating entry for ransomware. The earlier version centered on dismantling the preliminary entry malware households which were used to ship ransomware.
The most recent iteration, per Europol, focused new malware variants and successor teams that re-emerged after final 12 months’s takedowns equivalent to Bumblebee, Lactrodectus, QakBot, HijackLoader, DanaBot, TrickBot, and WARMCOOKIE. The interplay motion was carried out between Could 19 and 22, 2025.
“As well as, €3.5 million in cryptocurrency was seized in the course of the motion week, bringing the entire quantity seized in the course of the Operation Endgame to greater than €21.2 million,” the company mentioned.
Europol famous that the malware variants are supplied as a service to different menace actors and are used to conduct large-scale ransomware assaults. Moreover, worldwide arrest warrants have been issued in opposition to 20 key actors who’re believed to be offering or working preliminary entry providers to ransomware crews.
“This new section demonstrates legislation enforcement’s potential to adapt and strike once more, whilst cybercriminals retool and reorganize,” Europol Government Director Catherine De Bolle mentioned. “By disrupting the providers criminals depend on to deploy ransomware, we’re breaking the kill chain at its supply.”
Germany’s Federal Legal Police Workplace (aka Bundeskriminalamt or BKA) has revealed that felony proceedings have been initiated in opposition to 37 recognized actors. A few of the people who’ve been added to the E.U. Most Wished record are listed beneath –
- Roman Mikhailovich Prokop (aka carterj), 36, a member of the QakBot group
- Danil Raisowitsch Khalitov (aka dancho), 37, a member of the QakBot group
- Iskander Rifkatovich Sharafetdinov (aka alik, gucci), 32, a member of the TrickBot group
- Mikhail Mikhailovich Tsarev (aka mango), 36, a member of the TrickBot group
- Maksim Sergeevich Galochkin (aka bentley, manuel, Max17, volhvb, crypt), 43, a member of the TrickBot group
- Vitalii Nikolaevich Kovalev (aka stern, ben, Grave, Vincent, Bentley, Bergen, Alex Konor), 36, a member of the TrickBot group
The disclosure comes as Europol took the wraps off a large-scale legislation enforcement operation that resulted in 270 arrests of darkish net distributors and consumers throughout 10 international locations: the US (130), Germany (42), the UK (37), France (29), South Korea (19), Austria (4), the Netherlands (4), Brazil (3), Switzerland (1), and Spain (1).
The suspects, Europol famous, have been recognized primarily based on intelligence gathered from the takedowns of the darkish net marketplaces Nemesis, Tor2Door, Bohemia, and Kingdom Markets. A number of suspects are alleged to have performed 1000’s of gross sales on illicit marketplaces, usually utilizing encryption instruments and cryptocurrencies to hide their digital footprints.
“Often known as Operation RapTor, this worldwide sweep has dismantled networks trafficking in medicine, weapons, and counterfeit items, sending a transparent sign to criminals hiding behind the phantasm of anonymity,” Europol mentioned.
Together with the arrests, €184 million in money and cryptocurrencies, 2 tons of medicine, 180 firearms, 12,500 counterfeit merchandise, and greater than 4 tons of unlawful tobacco have been seized by authorities. The joint motion follows Operation SpecTor in Could 2023, which led to the arrest of 288 darkish net distributors and consumers and the seizure of €50.8 million in money and cryptocurrency.
“With conventional marketplaces underneath growing strain, felony actors are shifting to smaller, single-vendor retailers — websites run by particular person sellers to keep away from market charges and reduce publicity,” Europol mentioned. “Unlawful medicine stay the highest commodity offered on the darkish net, however 2023 additionally noticed a surge in prescription drug trafficking and an increase in fraudulent providers, together with pretend hitmen and bogus listings designed to rip-off consumers.”
