Major ransomware IP takedown
Global law enforcement dismantled 45,000 malicious IPs used in ransomware campaigns, an operation researchers say ran July 2025–Jan 2026 and exposed how attackers build botnets from hijacked devices. The scale underlines why segmentation, patching, and strict inventory control remain central to protecting school networks.
Operation Synergia III (coordinated by INTERPOL; interpol.int) involved law enforcement from 72 countries, produced 94 arrests, left 110 people under investigation, and resulted in the seizure of 212 electronic devices and servers.
Investigators in Macau identified and dismantled more than 33,000 phishing and fraudulent websites that impersonated banks, government portals and payment services, according to INTERPOL's operational summary (interpol.int). A targeted sweep in Bangladesh led to 40 arrests and the confiscation of 134 electronic devices tied to loan, job-scam and identity-theft schemes, as reported by INTERPOL (interpol.int).
Private cybersecurity firms Group-IB, Trend Micro and S2W supplied the operation with threat intelligence; Group-IB specifically reported mapping phishing domains and servers used to distribute infostealer malware and other payloads (group-ib.com).
Law-enforcement briefings and industry tracking this month also highlighted large router-focused botnets: Europol noted SocksEscort had compromised hundreds of thousands of routers and IoT devices (more than 369,000 devices across 163 countries), illustrating the same hijacked-device model uncovered by the operation (techcrunch.com).
INTERPOL converted raw network data into actionable indicators that enabled coordinated cross-border raids and local investigative follow-ups, a workflow the agency credited with enabling the multi-jurisdiction seizures and arrests (interpol.int).