Advancing UK Aerospace, Defence, Security & Space Solutions Worldwide
  • Home
  • /
  • Security
  • /
  • NCA part of international op to destroy cyber crime services

Security

NCA part of international op to destroy cyber crime services

The National Crime Agency (NCA) has dismantled the servers of prominent malware ‘droppers’ which have enabled cyber criminals to conduct ransomware attacks around the world.


Image courtesy NCA

EndgameDroppers are a type of malicious software which, when downloaded onto a victim’s system, allow criminals to bypass security measures and deploy additional harmful malware, including ransomware.

The activity was part of a coordinated international operation targeting dropper strains including Bumblebee, IcedID, Smokeloader and Pikabot, which were taken offline last month (w/c 27th May).

Advertisement
Cranfield

The operation was led by France, Germany and the Netherlands but also involved law enforcement partners in Denmark, Eurojust, Europol and the United States.

NCA cyber crime specialists mapped out the criminal infrastructure and shut down the servers of both IcedID, as part of wider US-led activity and Bumblebee, in activity which was led by the German authorities.

These particular droppers have been crucial in facilitating the most harmful cyber threats faced by the UK and across the world, causing several hundreds of millions in losses to governments and companies.

They were available to purchase on the dark web and were usually distributed to victims as attachments via mass spam email campaigns.

Anyone attempting to access the dropper sites will now be met with a law enforcement splash page, explaining that the network has been seized and is no longer available for use.

Advertisement
Marshall RT

International partners have identified cyber criminals from across the dropper network, some of whom were involved in the development of the malware. They will be deanonymised over the coming months via a purpose-made domain, https://www.operation-endgame.com, as well as posted directly on to dark web cybercrime forums. In some cases, the targets have been emailed directly.

A total of four arrests were made across Armenia and Ukraine. Worldwide, over 100 servers were taken down or disrupted, and about 2,000 domain names are now under the control of law enforcement.

Paul Foster, Director of Threat Leadership at the National Crime Agency, said: “These droppers provided the building blocks for criminals to carry out serious cyber attacks, which have caused immense damage to victims in the UK and across the globe.

“Collaborative international investigations such as this are the most impactful way to disrupt the most harmful cyber criminals and degrade the tools and services which underpin their operations.

“I would urge any businesses that may have been a victim of cyber crime to come forward and report such incidents to law enforcement.”

Advertisement
Babcock LB
Expleo to demo next-gen aircraft solutions at FIA2024

Aerospace Defence Security Space Events

Expleo to demo next-gen aircraft solutions at FIA2024

18 July 2024

Engineering, technology and consulting firm Expleo will be exhibiting at Farnborough International Airshow (FIA) 2024 from 22nd- 26th July, demonstrating innovative design and manufacturing solution for next-generation aircraft.

Respect The Range art installed in Wiltshire

Defence Security Events

Respect The Range art installed in Wiltshire

18 July 2024

Giant silhouettes of soldiers have been used to create a new public art installation in Wiltshire to inform and educate the public about the dangers of accessing military land.

Defence Innovation Loans open for applications

Defence Security

Defence Innovation Loans open for applications

17 July 2024

The Defence and Security Accelerator (DASA) supported by Innovate UK Loans Ltd (Innovate UK) are working together to offer Defence Innovation Loans.

ODU enhances retro-fit of AMC Series

Aerospace Defence Security Space

ODU enhances retro-fit of AMC Series

17 July 2024

An innovative connection solution characterised by a 3-in-1 locking mechanism which provides reliable performance for demanding military and civilian applications, the ODU AMC (Advanced Military Connector) range, is now being expanded to address retro-fit requirements.

Advertisement
Cranfield
Babcock supplies LFB with vehicles to tackle wildfires

Security

Babcock supplies LFB with vehicles to tackle wildfires

17 July 2024

Babcock have supplied four extreme weather response vehicles to the London Fire Brigade (LFB) which will be trialled this summer to respond to the growing threat of grass fires and wildfires.

Serco appoints Tom Read as Group Chief Digital and Technology Officer

Defence Security Space

Serco appoints Tom Read as Group Chief Digital and Technology Officer

17 July 2024

Serco has appointed Tom Read to the new role of Group Chief Digital and Technology Officer.

Advertisement
Marshall RT