Interpol Hits Ransomware, Phishing in Operation Synergia II

Interpol has announced a major cybercrime takedown across three continents as part of an operation targeting phishing, info stealers, and ransomware.

Operation Synergia II has taken down more than 22,000 malicious IP addresses or servers linked to cyber threats, Interpol says.

The joint effort, carried out from April to August 2024, targeted phishing, ransomware and information stealers with the help of private sector partners and law enforcement agencies from 95 member countries.

House searches, seizures, and arrests

The operation led to a series of coordinated actions, including house searches, seizures of servers and electronic devices, and arrests.

Synergia II spanned five countries across three continents:

Hong Kong (China): Police supported the operation by taking offline more than 1,037 servers linked to malicious services.

Mongolia: Investigations included 21 house searches, the seizure of a server and the identification of 93 individuals with links to illegal cyber activities.

Macau (China): Police took 291 servers offline.

Madagascar: Authorities identified 11 individuals with links to malicious servers and seized 11 electronic devices for further investigation.

Estonia: Police seized more than 80 GB of server data and authorities are now working with Interpol to further analyze data linked to phishing and banking malware.

Of the approximately 30,000 suspicious IP addresses identified, 76% were taken down, including 59 servers.

Police officers seized 43 electronic devices (laptops, mobile phones and hard drives), and cuffed 41 suspects, with 65 still under investigation.

“The global nature of cybercrime requires a global response which is evident by the support member countries provided to Operation Synergia II,” said Neal Jetton, Interpol’s Director of the Cybercrime Directorate. “Together, we’ve not only dismantled malicious infrastructure but also prevented hundreds of thousands of potential victims from falling prey to cybercrime. Interpol is proud to bring together a diverse team of member countries to fight this ever-evolving threat and make our world a safer place.”

Transnational cybercrime on the rise

The five-month operation is a response to the escalating threat and professionalization of transnational cybercrime, Interpol says.

It prioritized three key threats: phishing, information stealers, and ransomware.

According to the crime-fighting organization, “phishing remains the most widely reported initial access technique, used to steal data, deploy malware and move within systems.”

Interpol cautions that generative AI is increasingly used by criminals to create lucrative, hard-to-detect phishing scams. And infostealers – malware designed to steal sensitive data such as login credentials or financial information – are increasingly used to infiltrate systems in ransomware attacks.

“In 2023 there was over a 40% increase in the sale of logs collected from infostealers on the deep and dark web,” according to Interpol’s data.

As for ransomware, attacks are said to have increased globally by an average rate of 70% across all industries in 2023, “with targeted sectors and geographies expanding considerably.”

Header image: INTERPOL