A major international law enforcement effort has disrupted one of the world’s largest cybercrime networks, targeting ransomware, data theft, and digital espionage. Led by Germany’s Federal Criminal Police Office (BKA), the operation involved agencies from the United States, United Kingdom, France, Canada, Denmark, and the Netherlands. The coordinated action marks a major blow against Russian-led cybercriminals behind widespread attacks on governments, businesses, and individuals.
The group is accused of launching ransomware campaigns that infected more than 300,000 systems worldwide. Investigators say the cybercriminals stole sensitive data, demanded large ransoms, and caused severe financial damage. A total of 20 arrest warrants were issued, and 16 indictments were unsealed in the United States. This marks one of the biggest legal moves against digital extortion and hacking to date.
At the heart of this network were the Qakbot and Danabot malware programs. These tools allowed hackers to infiltrate networks and demand money to unlock them. The programs also secretly stole information from users and sent it back to servers in Russia. Some attacks targeted government and military organizations, showing that the group’s activities went beyond profit. They were also gathering intelligence, posing risks to national security.
German authorities named several suspects believed to be the key players in the criminal scheme. Rustam Rafailevich Gallyamov from Moscow, Aleksandr Stepanov—known online as “JimmBee”—and Artem Aleksandrovich Kalinkin, also called “Onix,” were identified as top figures in the malware operations. Another central figure is Vitalii Nikolayevich Kovalev, who used the names “Stern” and “Ben.” Officials say he led the infamous Conti ransomware group and was behind other operations like Royal and Blacksuit. These ransomware tools reportedly brought in up to €1 billion in cryptocurrency from victims.
Authorities believe these individuals worked from safe locations such as Russia and Dubai, where extradition is unlikely. Despite this, the international police effort has managed to name and expose them. According to officials, this public exposure weakens their power and limits their ability to recruit or collect funds. One more suspect, Roman Mikhailovich Prokop from Ukraine, has been added to Europe’s most-wanted list due to his suspected involvement in the Qakbot operations.
This global crackdown, named Operation Endgame, began in 2022. It was launched in response to a sharp rise in ransomware attacks affecting organizations across Europe and beyond. BKA President Holger Münch said the success of the operation shows that teamwork between countries can lead to real results in the fight against cybercrime. He emphasized that while arrests remain difficult in some countries, exposing these individuals is an important first step.
One of the key goals of the operation was to cut off the group’s communication channels and access to money. Officials say they achieved this by freezing accounts, blocking access to online platforms, and taking down technical infrastructure. This has made it much harder for the group to carry out future attacks.
Many of these cybercriminals used online forums in the Russian language to share tools, find partners, and organize their operations. They used fake names, encryption, and hidden networks to avoid detection. But police say those tricks are no longer enough. They are improving their tools and working more closely across borders to catch those who use the internet to harm others.
Holger Münch said in a statement, “Operation Endgame 2.0 proves cybercriminals can’t count on anonymity. We will continue tracking and exposing them wherever they hide.” This marks a strong warning for others who believe they can avoid the law through the use of digital networks.
Experts say this operation is a turning point in the fight against international cybercrime. While it may not end all attacks, it sends a message that even powerful hacker groups are not safe from justice. The move also shows how important international cooperation is in tackling digital threats that know no borders.
Governments and security agencies are urging organizations to improve their digital defenses. Simple steps like updating software, using strong passwords, and training employees can go a long way in preventing these attacks. As the fight against cybercrime continues, law enforcement agencies are calling on the public and private sectors to work together.