I would urge any businesses that may have been a victim of cyber crime to report such incidents - Paul Foster, Director, Threat Leadership, NCA

National Crime Agency part of international operation to destroy cyber crime services

The National Crime Agency (NCA) has successfully dismantled servers of prominent malware ‘droppers’ that have enabled cyber criminals to conduct ransomware attacks worldwide.

Droppers are a type of malicious software that, once downloaded onto a victim’s system, allow criminals to bypass security measures and deploy additional harmful malware, including ransomware. This week (w/c 27 May), a coordinated international operation targeted dropper strains such as Bumblebee, IcedID, Smokeloader, and Pikabot, taking them offline.

The operation was spearheaded by France, Germany, and the Netherlands, with involvement from law enforcement partners in Denmark, Eurojust, Europol, and the United States. NCA cyber crime specialists played a crucial role by mapping out the criminal infrastructure and shutting down the servers of IcedID (part of wider US-led activity) and Bumblebee (led by German authorities).

These specific droppers have been central to some of the most harmful cyber threats globally, causing several hundreds of millions in losses to governments and companies. They were typically available for purchase on the dark web and distributed to victims via mass spam email campaigns.

Anyone attempting to access the dropper sites will now encounter a law enforcement splash page, indicating that the network has been seized and is no longer available for use. International partners have identified cyber criminals from across the dropper network, including some involved in developing the malware. These individuals will be deanonymized over the coming months through a dedicated domain, https://www.operation-endgame.com, and their identities posted on dark web cybercrime forums. In some instances, targets have been emailed directly.

The operation resulted in four arrests in Armenia and Ukraine. Globally, over 100 servers were taken down or disrupted, and approximately 2,000 domain names are now under law enforcement control.

Paul Foster, Director of Threat Leadership at the National Crime Agency, commented: "These droppers provided the building blocks for criminals to carry out serious cyber attacks, which have caused immense damage to victims in the UK and across the globe. Collaborative international investigations such as this are the most impactful way to disrupt the most harmful cyber criminals and degrade the tools and services which underpin their operations. I would urge any businesses that may have been a victim of cyber crime to come forward and report such incidents to law enforcement."