In a coordinated international crackdown, Europol, alongside law enforcement agencies from around the globe, has executed a sweeping operation that disrupted some of the world’s most notorious ransomware operations. “Operation Endgame”, this large-scale effort resulted in the takedown of 300 servers, the neutralization of 650 domains, and the seizure of €3.5 million in cryptocurrency between May 19 and May 22, 2025.
This action represents one of the most significant efforts to date in dismantling the technical infrastructure behind multiple ransomware strains and targeting the very foundation of cybercriminal networks.
What Is Operation Endgame?
Operation Endgame is a long-term, multi-agency initiative aimed at crippling the ransomware supply chain. The main goal is targeting the actors and services that facilitate attacks. Starting from initial access brokers to malware delivery networks.
The operation involves cooperation between Europol, Eurojust, national cybercrime units, and international partners such as the FBI and law enforcement in countries including Germany, France, the Netherlands, and the United States.
The latest sweep is considered a culmination of months of intelligence gathering, digital forensics, and international collaboration.
Major Takedown in May 2025
During this latest phase of the operation, authorities seized around 300 servers and took down 650 domain names globally. These servers were critical to the deployment and command-and-control (C2) operations of several high-profile malware families, including:
- QakBot
- Bumblebee
- TrickBot
- Lactrodectus
- HijackLoader
- DanaBot
- Warmcookie
These malware strains were widely used by ransomware gangs to gain initial access to corporate and government networks, exfiltrate data, and deploy ransomware payloads.
By shutting down this infrastructure, law enforcement has disrupted the ransomware “kill chain”. Thus, made it significantly harder for attackers to operate.
Financial Seizures and Global Impact
In addition to the infrastructure takedowns, law enforcement agencies also confiscated €3.5 million worth of cryptocurrency, believed to be proceeds from ransomware payments and other illicit activities.
This brings the total amount of assets seized under Operation Endgame to over €21.2 million, a substantial financial blow to the ransomware ecosystem.
Arrest Warrants and Legal Pursuits
Authorities have issued 20 international arrest warrants for individuals suspected of facilitating ransomware campaigns, most of whom are believed to be Initial Access Brokers (IABs). These are cybercriminals who specialize in breaching networks and selling access to ransomware groups.
Notably, 18 of these suspects are slated to be added to the EU’s Most Wanted list. This signals a determined push by law enforcement to publicly name and pursue those responsible.
This Crackdown Has a Huge Impact
Ransomware has become one of the most pervasive cyber threats in recent years. It brings a devastating impact by crippling hospitals, infrastructure, corporations, and even government agencies. By targeting the backend infrastructure and the brokers who enable these attacks, Operation Endgame represents a paradigm shift in cybercrime enforcement.
Rather than waiting for attacks to occur, agencies are proactively disrupting the ecosystems that allow ransomware to flourish.
A Message to Cybercriminals
The message from law enforcement is clear: there are consequences. As Europol stated, these efforts demonstrate that cybercriminals can no longer hide behind digital anonymity or international borders. Global cooperation and technical prowess are proving to be effective weapons against even the most complex cybercrime operations.
Final Thoughts
Operation Endgame is a landmark in the fight against ransomware. With hundreds of servers dismantled, millions seized, and key suspects hunted, it sends a strong signal to the cybercriminal underworld: your infrastructure is no longer safe.
As cyber threats evolve, so too must the global response. This operation shows that when nations work together, cybercrime has nowhere to hide.
