
Europol, as part of Operation Endgame 2.0, destroyed the infrastructure of hacker groups and paralyzed their operations


From May 19 to 22, law enforcement agencies from seven countries, coordinated by Europol and Eurojust, conducted a large-scale cyber operation called Endgame 2.0 aimed at destroying the core infrastructure of malicious software — loaders that initiate the chain of attacks. This is one of the most significant blows to the cybercrime industry.

During the operation, over 300 servers were taken down and 650 domains neutralized, and 20 international arrest warrants were issued for suspects involved in cyberattacks, according to an official Europol statement.

The strike targeted not the ransomware programs themselves, but the first stage of the attack: the initial access malware (loaders) that opens the door into victims’ systems. These include well-known tools such as Bumblebee, Qakbot, Trickbot, WarmCookie, DanaBot, Latrodectus, and HijackLoader.

These botnets do not directly encrypt files — instead, they are used by criminal groups to gain access to corporate networks, install malware, and provide access to affiliated actors who then deploy ransomware. Thus, the strike on this infrastructure is considered a disruption of the ransomware "kill chain" at an early phase.

“We are hitting the services that allow ransomware to be launched. This is a strategic advantage that we will continue to develop,” said Europol Director Catherine De Bolle.

During raids, cryptocurrency worth over €3.5 million was seized, and the total financial losses inflicted on cybercriminals across the two phases of Endgame exceeded €21 million. This is an unprecedented sum for anti-crime cyber operations.

Overall, the actions were coordinated from a command center in The Hague, where operatives from North America and Europe worked in sync.

Operation Endgame 2.0 demonstrated that the international law enforcement community can not only respond to attacks but also act proactively by dismantling cybercriminal logistics before ransomware is deployed. This significantly complicates the operations of ransomware groups and undermines the “crime-as-a-service” economy at the infrastructure level.
