Brian Sims
Editor

NCA joins international operation to destroy cyber crime services

THE NATIONAL Crime Agency (NCA) has dismantled the servers of prominent malware ‘droppers’ which have enabled cyber criminals to conduct ransomware attacks around the world. ‘Droppers’ are a type of malicious software which, when downloaded to a victim’s system, allow criminals to bypass security measures and deploy harmful malware, including ransomware.

The NCA activity was part of a co-ordinated international operation targeting ‘dropper’ strains including Bumblebee, IcedID, Smokeloader and Pikabot, which were taken offline in late May.

The operation was led by France, Germany and the Netherlands, and also involved Eurojust, Europol and law enforcement partners in Denmark and the United States.

NCA cyber crime specialists mapped out the criminal infrastructure and shut down the servers of both IcedID, as part of wider US-led activity, and Bumblebee, in work which was led by the German authorities.

These particular ‘droppers’ have been crucial in facilitating the most harmful cyber threats faced by the UK and across the world, causing several hundreds of millions in losses to Governments and companies.

They were available to purchase on The Dark Web and usually distributed to victims as attachments via mass spam e-mail campaigns.

Anyone attempting to access the ‘dropper’ sites will now be met with a law enforcement splash page explaining that the network has been seized and is no longer available for use.

Cyber criminals

International partners have identified cyber criminals from across the ‘dropper’ network, some of whom were involved in the development of the malware. They will be deanonymised over the coming months via a purpose-made domain, https://www.operation-endgame.com, as well as posted directly on to Dark Web cyber crime forums.

In some cases, the targets have been e-mailed directly.

A total of four arrests were made across Armenia and Ukraine. Worldwide, over 100 servers were taken down or disrupted, while circa 2,000 domain names are now under the control of law enforcement.

Paul Foster, director of threat leadership at the NCA, said: “These ‘droppers’ provided the building blocks for criminals to carry out serious cyber attacks, which have caused immense damage to victims in the UK and across the globe. Collaborative international investigations such as this are the most impactful way in which to disrupt the most harmful cyber criminals and degrade the tools and services underpinning their operations.”

Foster concluded: “I would urge any businesses that may have been a victim of cyber crime to come forward and report such incidents to law enforcement.”
