Europol disrupts major malware droppers in Operation Endgame

The operation was conducted across Europe and North Asia by Europol and its partners. Four individuals were arrested.


Europol, along with international partners, has claimed to have successfully conducted the largest ever operation against botnets, codenamed Operation Endgame; these botnets play a major role in the deployment of ransomware.

The operation, which was carried out across 16 locations in Europe and West Asia, has led to four arrests (one in Armenia and four in Ukraine), over 100 servers being taken down, and over 2,000 domains being seized. The operation led to the disruption of malware-distributing platforms such as IcedID, SystemBC, Pikabot, Smokeloader, Bumblebee, and Trickbot, and Europol shared that all of them are being used to deploy ransomware and are seen as the main threat in the infection chain.

Europol shared that the operation highlights the profitability of facilitating malware sharing, citing the example of one of the main suspects, who earned at least €69 million ($74 million) in crypto by leasing out criminal infrastructure sites used to deploy ransomware.

Malware droppers are used by threat actors to breach security systems and then deliver harmful viruses, spyware or ransomware programs. While malware droppers by themselves may not be harmful, they facilitate cybercrimes such as ransomware attacks. Disrupting malware droppers therefore has an impact on the threat actors who rely on their facilities.