According to PANews, a large-scale operation named 'Final Action' was carried out to combat the ecosystem of malicious software distributors. This operation, led by France, Germany, and the Netherlands, took place from May 27 to 29, 2024, targeting various malware distributors including IcedID, SystemBC, Pikabot, Smokeloader, Bumblebee, and Trickbot.
Investigations revealed that one of the main suspects had earned at least 69 million euros (approximately 75 million dollars) in cryptocurrency by deploying ransomware through a rented criminal infrastructure website. Law enforcement agencies are closely monitoring the suspect's transactions and have obtained legal permission to seize these assets in future operations. The press release issued by the European Police Organization did not mention any specific cryptocurrency or platform used in the transactions.
During this operation, law enforcement agencies made progress in disrupting the malware ecosystem. Four individuals were arrested, one in Armenia and three in Ukraine. In addition, 16 locations were searched in Armenia, the Netherlands, Portugal, and Ukraine. Over 100 servers were shut down or disrupted in several countries, including Bulgaria, Canada, Germany, Lithuania, the Netherlands, Romania, Switzerland, the UK, the US, and Ukraine. Authorities also took control of more than 2000 domain names.