Massive Global Raid Cripples Ransomware Infrastructure with 300 Servers and 650 Domains Taken Offline

A landmark international crackdown has inflicted a major blow on cybercriminal operations worldwide, with coordinated law enforcement and judicial efforts under the banner of Operation Endgame dismantling the infrastructure behind several notorious malware strains used in large-scale ransomware attacks.

Between May 19 and 22, 2025, authorities across Europe and North America took down approximately 300 servers and neutralized 650 domains that were integral to the cybercrime-as-a-service ecosystem, while international arrest warrants were issued for 20 key figures believed to be central to these illicit activities.

Operation Endgame marks a significant escalation in the ongoing fight against ransomware, extending the efforts of the record-breaking botnet takedowns conducted in May 2024.

This year’s operation targeted a new wave of malware variants and successor criminal groups that had resurfaced following previous disruptions.

By focusing on neutralizing initial access malware (malicious software designed to covertly infiltrate computer systems and provide a foothold for subsequent ransomware deployments), authorities have disrupted the ransomware kill chain at its source, undermining the ability of threat actors to initiate attacks.

High-Profile Arrests

The operation, supported from inception by Europol and Eurojust, involved law enforcement agencies from Canada, Denmark, France, Germany, the Netherlands, the United Kingdom, and the United States.

According to the report, Europol provided crucial operational coordination, analytical support, and cryptocurrency tracing, with a central Command Post established at its headquarters in The Hague.

Investigators from all participating countries worked closely with Europol’s European Cybercrime Centre and the Joint Cybercrime Action Taskforce, sharing intelligence in real time and managing the operational response as servers were seized and domains were neutralized.

Key malware strains rendered inoperative during the crackdown include Bumblebee, Latrodectus, Qakbot, Hijackloader, DanaBot, Trickbot, and Warmcookie.

These sophisticated threat vectors are commonly offered as services within the cybercriminal underworld, providing initial access capabilities that pave the way for ransomware operators to conduct highly disruptive and lucrative attacks on organizations worldwide.

The coordinated takedown also involved the seizure of EUR 3.5 million in cryptocurrency, raising the total haul from Operation Endgame to over EUR 21.2 million in criminal assets.

Judicial coordination by Eurojust was instrumental in enabling the seamless exchange of information and alignment of investigative efforts across jurisdictions, ensuring that the international response was swift and unified.

Several leading suspects have now been placed under international and public scrutiny, with German authorities announcing the addition of 18 individuals to the EU Most Wanted list as of May 23.

Strategic Disruption

Operation Endgame represents a strategic shift in law enforcement’s approach to combating cybercrime.

By targeting the early stages of cyberattacks, specifically the initial access brokers and malware operators that form the backbone of ransomware supply chains, authorities are aiming to dismantle the infrastructure that enables the proliferation of ransomware.

Europol Executive Director Catherine De Bolle emphasized that this operation demonstrates the capacity of law enforcement to adapt and strike back, even as cybercriminal groups attempt to retool and reorganize.

The momentum generated by this operation is set to continue, with follow-up actions anticipated and further details to be revealed on the dedicated websites of international law enforcement partners.

Notably, the forthcoming Internet Organised Crime Threat Assessment (IOCTA) 2025, slated for publication on June 11, will spotlight the ongoing threat of initial access brokers and reinforce the need to proactively address the foundational stages of cyberattacks.

As cybercriminal tactics evolve, multinational cooperation and intelligence sharing remain essential to protecting digital infrastructure and disrupting the global ransomware threat.

The post Massive Global Raid Cripples Ransomware Infrastructure with 300 Servers and 650 Domains Taken Offline appeared first on Cyber Security News.

rssfeeds-admin
