A global Interpol operation last fall “was launched in response to the clear growth, escalation and professionalisation of transnational cybercrime and the need for coordinated action against new cyber threats.” The operation involved law enforcement agencies from more than 50 countries. More than 1,300 suspicious IP addresses were identified; more than 70 percent of those have been taken down. 31 people have been arrested and 70 additional suspects have been identified.
The operation ran from September through November, which is pretty quick for this broad of a takedown and shows what can be done with broad cooperation. The international cooperation included 60 law enforcement agencies as well as Interpol's gateway partner private sector groups such as Kaspersky, TrendMicro, Shadowserver, Team Cymru and Singapore-based Group-IB. The 30% of servers that weren't taken offline are still under active investigation for their involvement in cybercrime operations. The dismantled infrastructure was used for phishing, banking malware and ransomware attacks.