In the coordinated international Operation Endgame, multiple botnets that played a key role in global cybercrime have been dismantled since Monday, May 19, 2025. These include the botnets Bumblebee, Qakbot, Danabot, Hijackloader, Warmcookie, Trickbot, and Latrodectus. The infostealer Lumma was also taken offline this week, in collaboration with Microsoft.
‘This is a continuation of the major action from May last year, during which several botnets were taken offline,’ says Stan Duijf, head of High Tech Crime Operations at the National Unit for Law Enforcement and Interventions. ‘During the past action week, the focus was not only on taking down botnets but also on malware aimed at gaining initial access to computer systems, such as infostealers.’
300 servers offline
In the Netherlands, the operation, a joint effort of the police under the direction of the National Prosecutors Office, led to the dismantling of the botnets and malware mentioned above. Worldwide, 300 servers were taken offline, 60 of them in various data centers in the Netherlands.
John Lucas, chief prosecutor of the National Prosecutors Office: ‘With the various actions this week, we have dealt a significant blow to cybercriminals and severely disrupted the criminal cyber ecosystem. It has once again been proven that the close and long-term international cooperation between police and justice from various countries in Operation Endgame can successfully tackle major cybercriminals.’
20 cybercriminals on Europe’s Most Wanted list
Today, as part of the international investigation Operation Endgame, international arrest warrants have also been issued, under the direction of the German authorities, against 20 cybercrime suspects. These alleged members of the criminal networks behind the Trickbot and Qakbot botnets are being added to Europe’s Most Wanted Fugitives.
In parallel, American law enforcement authorities have also filed charges against 17 suspects. In the international investigation, they have managed to seize the financial resources of a suspect linked to the dismantled Qakbot botnet. During the action week, approximately 3.5 million euros worth of cryptocurrencies were seized. Since the start of the investigation in 2023, over 21 million euros worth of cryptocurrencies have been seized in total. American authorities are taking inventory of which companies worldwide have fallen victim to this botnet. The victims can be compensated. The Dutch authorities are assisting in compensating a large Dutch company.
Long-term strategy: Think about (y)our next move
Operation Endgame does not end after today. New actions will be announced on the website www.operation-endgame.com under the motto “Think about (y)our next move.” Suspects are also directly addressed regarding their actions. Operation Endgame provides criminals and witnesses the opportunity to contact the police.
‘We tackle cybercrime with a broad and unique palette of interventions. Through increasingly intensive cooperation between countries, we are also becoming more effective,’ emphasizes Stan Duijf. ‘They have indeed been working on this for a while. It remains a cat-and-mouse game in which we like to play the cat. Moreover, it sends the signal that no one is untraceable and untouchable, even online.’
Collaborating parties
The joint actions were carried out by authorities in the Netherlands, Germany, France, the United States, the United Kingdom, Denmark, and Canada, with support from Europol and Eurojust and in collaboration with various private parties, including those in the Project Melissa partnership.
What is Operation Endgame?
After the earlier dismantling of the Emotet botnet in 2021 and the Qakbot botnet in 2023, law enforcement agencies from 14 countries joined forces in an international collaboration, Operation Endgame, because cybercrime knows no borders. It is often the case that the perpetrator is in country A, the infrastructure in country B, and the victim in country C. International cooperation is therefore essential.
During the first action week in May 2024, more than 100 servers were taken offline and 2000 domains were seized. The IcedID botnet, Smokeloader botnets, SystemBC botnets, Pikabot, Trickbot, and remnants of the Bumblebee botnet were dismantled.
What are botnets and why are they so dangerous?
A botnet is a network of computers infected with malware. What makes botnets so dangerous is that the malware on the infected computers essentially opens the door to other forms of cybercrime. A computer is often infected through a phishing email, in which the victim is lured into clicking on a malicious link or file. The users of the infected computers are often unaware of the infection. Botnets enable cybercriminals to carry out ransomware attacks, as well as financial fraud and other crimes.
Ransomware, or ransom software, affects both individuals and businesses. Criminals gain access to a computer and ensure that the owner can no longer access anything. To let the owner regain access to the system, or to refrain from leaking sensitive information, the criminals demand payment of a ransom in cryptocurrencies like bitcoin.
Infostealer: Without you realizing it, this virus steals private data, such as your search history and passwords. After the infostealer has collected the data, it is sold online, for example on Telegram or the dark web.
Are your data safe? Check your hack!
Via politie.nl/checkjehack, you can check whether the login details of your email account have been leaked and possibly used for sending spam. The tool contains millions of login details that were found in botnet investigations and that are continuously updated.
Through the ‘check your hack’ page, you can also find more information about securing your computer and your passwords. You will also find various pages with more information about (what you can do against) cybercrime.
To check whether you have malware on your computer, we recommend using an antivirus program. This can search for malware on your system and remove it.
Are you a victim of ransomware?
Then it is important to file a report or a notification. Even if the criminals have been paid, a report provides the police with important information. You can report via the police website, report the crime anonymously, or go to a police station near you.
Previous reporting on Operation Endgame
May 30, 2024
Multiple botnets dismantled in the largest international operation against ransomware ever
June 5, 2024
Ransomware suspect arrested
April 9, 2025
Follow-up to Operation Endgame: new blow in the fight against malware criminals