Operation Endgame claims 300 domains in mass takedown effort

An ongoing international effort against cybercrime operators announced a massive takedown of ransomware networks.

A collection of agencies, including Europol, the FBI and the Department of Justice, announced they conducted a seizure of domains and servers from several groups specializing in ransomware scams.

In total, the agencies said they seized 300 servers and knocked 650 domains offline. Additionally, the law enforcement agencies said they criminally indicted 20 individuals.

“This new phase demonstrates law enforcement’s ability to adapt and strike again, even as cybercriminals retool and reorganize,” said Europol Executive Director Catherine De Bolle.

“By disrupting the services criminals rely on to deploy ransomware, we are breaking the kill chain at its source.”

The takedown is part of the large-scale Operation Endgame international effort to get a handle on ransomware attacks and neuter the cybercrime groups that orchestrate them. In addition to Europol, the operation includes agencies from the U.S., Canada, Denmark, France, Germany, the Netherlands and the United Kingdom.

The targeted ransomware groups include Bumblebee, Latrodectus, Qakbot, Hijackloader, DanaBot, Trickbot and Warmcookie. In addition to operating their own ransomware scams, many of the groups also sold their software to affiliate groups that run their own targeted attack operations.

“These variants are commonly offered as a service to other cybercriminals and are used to pave the way for large-scale ransomware attacks,” Europol said.

“In addition, international arrest warrants were issued against 20 key actors believed to be providing or operating initial access services to ransomware operators.”

Actually apprehending those individuals, however, will be easier said than done. In many cases, the malware operators are located in Eastern European countries, many of which do not observe extradition treaties.

For example, the operator of Qakbot was identified to be a 48-year-old Moscow resident named Rustam Rafailevich Gallyamov. The accused ransomware operator would potentially face criminal charges in the U.S., but barring his arrest in an allied country, he will likely never see the inside of an American courtroom.

There are some financial ramifications, however. The indictment allows the U.S. government to seize cryptocurrency accounts associated with Gallyamov at an estimated value of $24 million.

“Today’s announcement of the Justice Department’s latest actions to counter the Qakbot malware scheme sends a clear message to the cybercrime community,” said Matthew Galeotti, head of the Justice Department Criminal Division.

“We are determined to hold cybercriminals accountable and will use every legal tool at our disposal to identify you, charge you, forfeit your ill-gotten gains, and disrupt your criminal activity.”
