Int’l Police Operation Takes Down Ransomware Networks, Arrests 4 Suspects

FILE PHOTO: A man takes part in a hacking contest during the Def Con hacker convention in Las Vegas, Nevada, US on July 29, 2017. REUTERS/Steve Marcus/File Photo

Police coordinated by the European Union's justice and police agencies have taken down computer networks responsible for spreading ransomware via infected emails, in what they called the biggest ever international operation against the lucrative form of cybercrime.
The European Union's judicial cooperation agency, Eurojust, said Thursday that police arrested four “high value” suspects, took down more than 100 servers and seized control of over 2,000 internet domains.
The huge takedown this week, codenamed Endgame, involved coordinated action in Germany, the Netherlands, France, Denmark, Ukraine, the United States and United Kingdom, Eurojust said. Also, three suspects were arrested in Ukraine and one in Armenia. Searches were carried out in Ukraine, Portugal, the Netherlands and Armenia, EU police agency Europol added.
It is the latest international operation aimed at disrupting malware and ransomware operations. It followed a massive takedown in 2021 of a botnet called Emotet, Eurojust said. A botnet is a network of hijacked computers typically used for malicious activity.
Europol pledged it would not be the last takedown, The Associated Press reported.
“Operation Endgame does not end today. New actions will be announced on the website Operation Endgame,” Europol said in a statement.
Dutch police said that the financial damage inflicted by the network on governments, companies and individual users is estimated to run to hundreds of millions of euros (dollars).
“Millions of people are also victims because their systems were infected, making them part of these botnets,” the Dutch statement said.
Eurojust said that one of the main suspects earned cryptocurrency worth at least 69 million euros ($74 million) by renting out criminal infrastructure for spreading ransomware.
“The suspect’s transactions are constantly being monitored and legal permission to seize these assets upon future actions has already been obtained,” EU police agency Europol added.
The operation targeted malware “droppers” called IcedID, Pikabot, Smokeloader, Bumblebee and Trickbot. A dropper is malicious software usually spread in emails containing infected links or attachments such as shipping invoices or order forms.
“This approach had a global impact on the dropper ecosystem,” Europol said. “The malware, whose infrastructure was taken down during the action days, facilitated attacks with ransomware and other malicious software.”
Dutch police cautioned that the actions should alert cybercriminals that they can be caught.
“This operation shows that you always leave tracks, nobody is unfindable, even online,” Stan Duijf, of the Dutch National Police, said in a video statement.
The deputy head of Germany’s Federal Criminal Police Office, Martina Link, described it as “the biggest international cyber police operation so far.”
“Thanks to intensive international cooperation, it was possible to render six of the biggest malware families harmless,” she said in a statement.
German authorities are seeking the arrest of seven people on suspicion of being members of a criminal organization whose aim was to spread the Trickbot malware. An eighth person is suspected of being one of the ringleaders of the group behind Smokeloader.
Europol said it was adding the eight suspects being sought by Germany to its most-wanted list.



Canada Navy Patrol Ship Arrives in Cuba on Heels of Russian Warships

The Canadian Navy patrol boat HMCS Margaret Brooke enters Havana's bay, Cuba, June 14, 2024. REUTERS/Stringer

A Canadian navy patrol ship sailed into Havana early on Friday, just hours after the United States announced a fast-attack submarine had docked at its Guantanamo naval base in Cuba, both vessels on the heels of Russian warships that arrived on the island earlier this week.
The confluence of Russian, Canadian and US vessels in Cuba - a Communist-run island nation just 145 km (90 miles) south of Florida - was a reminder of old Cold War tensions and fraught ties between Russia and Western nations over the Ukraine war, Reuters said.
However, both the US and Cuba have said the Russian warships pose no threat to the region. Russia has also characterized the arrival of its warships in allied Cuba as routine.
The Admiral Gorshkov frigate and the nuclear-powered submarine Kazan, half submerged with its crew on deck, sailed into Havana harbor on Wednesday after conducting "high-precision missile weapons" training in the Atlantic Ocean, Russia's defense ministry said.
Canada's Margaret Brooke patrol vessel began maneuvers early on Friday to enter Havana harbor, part of what the Canadian Joint Operations Command called "a port visit ... in recognition of the long-standing bilateral relationship between Canada and Cuba."
Hours earlier, the US Southern Command said the fast-attack submarine Helena had arrived on a routine port visit to Guantanamo Bay, a US naval base on the tip of the island around 850 km (530 miles) southeast of Havana.
"The vessel's location and transit were previously planned," Southern Command said on X.
Cuba's foreign ministry said it had been informed of the arrival of the US submarine but was not happy about it.
"Naval visits to a country are usually the result of an invitation, and this was not the case," said Vice Foreign Minister Carlos Fernández de Cossío.
"Obviously we do not like the presence in our territory (of a submarine) belonging to a power that maintains an official and practical policy that is hostile against Cuba."
A Canadian diplomat characterized the Margaret Brooke's arrival as "routine and part of long-standing cooperation between our two countries", adding it was "unrelated to the presence of the Russian ships."
Russia and Cuba were close allies under the former Soviet Union, and tensions with Washington over communism in its "backyard" peaked with the Cuban Missile Crisis of 1962. Moscow has maintained ties with Havana.
When asked what message Moscow was sending, Russian Foreign Ministry spokeswoman Maria Zakharova said on Thursday the West never appeared to take notice when Russia sent signals through diplomatic channels.
"As soon as it comes to exercises or sea voyages, we immediately hear questions and a desire to know what these messages are about," Zakharova said. "Why do only signals related only to our army and navy reach the West?"
The Russian warships are expected to remain in Havana harbor until Monday.