Europol has targeted so-called “droppers” in “Operation Endgame,” which could cause permanent damage to the ransomware infrastructure but may also impact Monero mining.
Anyone keeping an eye on Monero’s hashrate noticed something interesting at the end of May: it dropped from 2.9 Gbps on May 29 to 1.78 Gbps on May 31, losing more than a third in two days and hitting its lowest level in three years.
The cause of this unprecedented drop can be traced to The Hague, specifically to Europol headquarters, where “Operation Endgame” took place from May 27 to 29, dealing a major blow to the so-called “droppers”.
A dropper is a type of malware. Droppers infect other systems but do not cause any damage themselves. Rather, they serve as an entry point, acting as Trojan horses for other malware. The world of cybercrime is increasingly fragmented, and dropper operators usually do not use the access themselves but sell it to other cybercriminals on the darknet.
What Europol called “the largest ever operation against a botnet” involved the cooperation of numerous European police forces, led by France, Germany and the Netherlands. Together, they took down over 100 servers, seized over 2,000 domains, searched 16 houses (11 of which were in Ukraine), and arrested four individuals (three of whom were Ukrainian residents), who apparently formed the droppers' base of operations.
“Operation Endgame” took down numerous droppers, including IcedID, SystemBC, Pikabot, Smokeloader, Bumblebee, and Trickbot. Each of these malware families has its own way of infecting and infiltrating other systems. By targeting droppers, Europol struck at critical infrastructure for cybercrime, which may be a smart way to keep thwarting the spread of malware.
Following the operation, eight cybercriminals remain at large and have been added to the “Europe's Most Wanted” list. During the course of the investigation, Europol discovered that one of the main suspects had earned at least €69 million worth of cryptocurrency by renting out droppers to ransomware hackers. “The suspects' transactions are being continuously monitored and the legal requirements for future seizures have already been met.”
According to Europol, the botnet infections have caused hundreds of millions of euros in damages in Europe. The police organisation said the operation was continuing, with more arrests and further destruction of droppers and botnets planned.
While the press release only mentions ransomware, it is highly likely that cryptojacking was also carried out via the droppers. Cryptojacking is the installation of mining software that operates without the user's knowledge or consent. Europol had already arrested a cryptojacker in Ukraine in January.
Monero is particularly well suited for cryptojacking because it is resistant to ASIC and GPU mining. Not only is the currency profitable to mine with CPUs, the only reliably available and competitive component of an infected system, but the default anonymity of transactions makes coin laundering painless. As early as 2018, Monero proved to be a favorite coin of cryptojackers.
While it may not be easy for Europol to prove these activities, especially the revenue generated through them, the timing of Monero's significant drop in hashrate coinciding with Operation Endgame seems too good to be a coincidence.