Botnet taken down through international law enforcement cooperation

On 24 February, Europol's European Cybercrime Centre (EC3) coordinated a joint international operation from its operational centre in The Hague, which targeted the Ramnit botnet that had infected 3.2 million computers all around the world. The operation involved investigators from Germany, Italy, the Netherlands, and the United Kingdom – who led the operation – along with partners from private industry.

This botnet – a term used to describe a network of infected computers - was used by the criminals running it to gain remote access and control of the infected computers, enabling them to steal personal and banking information, namely passwords, and disable antivirus protection. This malware, infecting users running Windows operating systems, explored different infection vectors such as links contained in spam emails or by visiting infected websites.

Representatives from the various countries, Microsoft, Symantec and AnubisNetworks worked together with Europol officials to shut down command and control servers and to redirect 300 Internet domain addresses used by the botnet's operators. The Joint Cybercrime Action Taskforce* (J-CAT), located at Europol's headquarters, supported the operation. CERT-EU (Computer Emergency Response Team for the EU institutions, bodies and agencies) participated in this operation, relaying information on the victims to their peers, for risk mitigation purposes.

Europol Deputy Director Operations, Wil van Gemert, says: "This successful operation shows the importance of international law enforcement working together with private industry in the fight against the global threat of cybercrime. We will continue our efforts in taking down botnets and disrupting the core infrastructures used by criminals to conduct a variety of cybercrimes. Together with the EU Member States and partners around the globe, our aim is to protect people around the world against these criminal activities."

Microsoft and Symantec have released a remedy to clean and restore infected computers' defences. For those who fear their computer may have been infected, EC3 recommends downloading specialist disinfection software. For further information please visit www.getsafeonline.org or www.cyberstreetwise.com.

Do you want to know what a Botnet is, how it works and how it is used by criminals? Check below our infographic.

For further information, please contact:

Lisanne Kosters, Europol Corporate Communications, +31 70 302 5001

*The J-CAT was created to serve as a platform for targeted operations against global criminal networks and infrastructure, carried out by EC3 and our colleagues in EU Member States and beyond.