- May 29, 2023
(translated via DeepL)
During an international operation by investigative authorities, several botnets that played a significant role in ransomware attacks were taken offline. In the Netherlands, 33 servers were taken offline and one search was conducted.
On Tuesday, May 28, international investigative authorities took the botnets IcedID, Smokeloader, SystemBC, Pikabot and Bumblebee offline under the banner “Operation Endgame.” In an announcement, the Dutch police called it the largest operation ever against botnets involved in ransomware worldwide.
More than one hundred computer servers worldwide were taken offline and more than two thousand domain names were taken over. Investigative agencies were also able to clean more than ten thousand infected computer systems by uninstalling the malware. In recent days, there were four arrests and sixteen searches worldwide, including one in the Netherlands. Eight subpoenas have also been issued against suspects.
It is estimated that the criminals behind the botnets caused hundreds of millions of dollars in financial damage to companies and government agencies. Millions of individuals were also victimized, as their systems were infected and made part of a botnet. Systems were infected via phishing: victims were tricked into clicking on a false link. On the police's Check your hack site, people can check whether they too were affected or were part of the dismantled botnets. In addition, the police are working with the DIVD to notify all victims via e-mail, the organization reports on its website.
The operation was carried out by authorities in the Netherlands, Germany, France, Denmark, the United States and the United Kingdom, with support from Europol and Eurojust. The Dutch police emphasize that Operation Endgame is not over yet and that new actions will be announced in the future. In addition, suspects linked to these and other botnets who could not yet be apprehended will be confronted directly about their actions.