HQ/EMEAFind out how we can help your business
Law enforcement agencies worldwide have made a big move against cybercriminals in the latest phase of Operation ENDGAME. The operation is a global effort to stop ransomware attacks by taking down the systems that support them.
Between May 19 and 22, police and legal teams, led by Europol and Eurojust, shut down about 300 servers and 650 websites used by cybercriminals. Moreover, they issued international arrest warrants for 20 suspects.
These actions resulted in the stoppage of numerous attacks before they could even begin. Authorities also seized EUR 3.5 million in cryptocurrency, bringing the total amount taken during Operation ENDGAME to over EUR 21.2 million.
This latest action builds on a major botnet takedown in May 2024, one of the biggest cybercrime crackdowns to date. Since then, Operation ENDGAME has focused on new types of malware and criminal groups trying to rebuild after earlier hits.
It shows how law enforcement stays one step ahead in the fight against cyber threats.
The primary targets were “initial access” malware tools hackers use to quietly break into computer systems before launching ransomware. By blocking these entry points, police disrupted the wider cybercrime network that rents out tools and services to other hackers.
Some malware shut down in this phase included Bumblebee, Lactrodectus, Qakbot, Hijackloader, DanaBot, Trickbot, and Warmcookie. These are often sold or shared in criminal circles to help launch major ransomware attacks. The suspects wanted by police are believed to be key players in running or selling access to these tools.
Operation ENDGAME is the collaboration of multiple law enforcement agencies across different countries.
Operation ENDGAME is a long-term, international mission involving many law enforcement agencies collaborating to shut down the infrastructure that allows ransomware attacks.
Europol has been helping by offering coordination and expert analysis, tracking stolen cryptocurrency, and assisting countries in sharing information in real-time.
During the week of action, a special Command Post was set up at Europol’s headquarters in The Hague, where investigators from Denmark, Germany, France, the Netherlands, Canada, the UK, and the US worked together. They coordinated operations, investigated the servers taken down, and ensured everything ran according to plan.
Operation ENDGAME is ongoing as authorities continue pursuing cybercriminals and dismantling their networks. This global cooperation shows a strong commitment to fighting ransomware from the ground up.
