As part of Operation Endgame’s latest “seasons” the coalition of law enforcement has removed around 300 servers worldwide, neutralised 650 domains and issued arrest warrants for 20 targets.
First launched in May 2024, Operation Endgame is an ongoing law enforcement operation targeting services and infrastructure that assist or directly in the early or integration of ransomware. Previous editions focused on dismantling the early access malware family that has been used to provide ransomware.
The latest iteration per Europol targeted new malware variants and successor groups that reappeared after last year’s takedowns such as Bumblebee, Lactrodectus, Qakbot, Danabot, Trickbot, and Warmcookie. Interaction actions took place between May 19th and 22nd, 2025.
“In addition, 3.5 million euros of cryptocurrency was seized during Action Week, bringing the total amount seized during Operation Endgame to over 21.2 million euros,” the agency said.
Europol noted that malware variants are provided as services to other threat actors and are used to carry out large-scale ransomware attacks. Additionally, international arrest warrants have been issued for 20 key actors who are believed to provide or operate initial access services to ransomware crews.
“This new phase shows the ability of law enforcement to adapt and attack again, even if cybercriminals are modified and reorganized,” said Catherine de Bore, executive director of Europole. “We are breaking the kill chain with that source by disrupting services that criminals rely on ransomware deployment.”
Germany’s Federal Criminal Police Station (aka Bundeskriminalamt or BKA) has revealed that criminal cases have been launched against 37 identified parties. Some of the individuals added to the EU Most Wanted list are listed below –
Roman Mikhailovich Prokop (aka Kartage), 36, Qakbot Group Danil Raisowitsch Khalitov (Dancho), 37, Qakbot Group Rifkatovich Sharafetdinov (Aka Alik, Gucci), 32, Trickbot Glacbot group grickbot grigbot grigbot group members, 37, 37, 36, Trickbot Group Maksim Sergeevich Galochkin (aka Bentley, Manuel, Max17, Volhvb, Crypt), 43, Trickbot Group vitalii nikolaevich kovalev (aka stern, ben, grave, vincent, benentley, benentley, benentley, benentley, benentley, benentley, bentley, bentley, bentley, bentley, bentley, bentley, ventley, ventley, ventley, ventley, ventley, ventley, ventley, ventley
The disclosure has resulted in the US (130), Germany (42), UK (37), France (29), South Korea (19), Austria (4), Brazil (3) (1) as Europol abolished its large-scale law enforcement business and led to the arrests of 270 people from dark web vendors and buyers in 10 countries.
The suspects were identified based on intelligence gathered from Takedowns at Dark Web Marketplaces Nemesis, Tor2Door, Bohemia and Kingdom Markets, Europol said. Several suspects are said to have made thousands of sales in illegal markets, where cryptocurrencies often use encryption tools and cryptocurrencies to hide their digital footprints.
“This international sweep known as Operation Raptor has dismantled trafficking of drugs, weapons and counterfeit goods, sending clear signals to criminals hiding behind anonymous fantasies.”
In addition to the arrests, authorities seized 184 million euros in cash and cryptocurrency, two tons of drugs, 180 firearms, 12,500 counterfeit products and more than four tons of illegal cigarettes in cash and cryptocurrency. The joint action followed Operation Spector in May 2023, leading to the arrest of 288 dark web vendors and buyers and the seizure of 50 million euros in cash and cryptocurrency.
“As traditional markets put pressure on them, criminals are moving to small retailers run by individual sellers to avoid market rates and minimize exposure,” Europol said. “Although illegal drugs remain top products sold on the dark web, 2023 saw an increase in fraudulent services, including prescription drug trafficking and fake hitmen and fake lists designed to fraudulent buyers.”
Source link
