International strike against criminals trying to beat anti-virus

15 June 2017

Arrests and searches have taken place across the UK in a coordinated international law enforcement operation targeting people suspected of using cyber tools to get around anti-virus computer protection.

Data shared with international partners by Europol’s European Cybercrime Centre (EC3) and the Joint Cybercrime Action Taskforce (J-CAT) triggered investigations across Europe.

UK operations

In the UK, the NCA used the data to identify individuals who had uploaded and tested malware, and passed their details to cyber crime specialists in the Regional Organised Crime Units for action.

Four arrests were carried out between 5 and 9 June 2017 at addresses in Wales, Yorkshire and Humber, South Eastern and Eastern Regions.

Alongside the arrests, officers conducted 31 ‘cease and desist’ visits to young people who are first time offenders, or on the fringes of offending, and may not realise the damage malware can cause.

Swift action

Senior investigating officer David Cox, from the NCA’s National Cyber Crime Unit, said: “Regional Organised Crime Units across the UK have taken swift effective action against those who attempt to use malicious software, and have also played a vital part in deterring young offenders from committing cyber crimes in the future.

“I think a lot of people who put anti-virus protection on their computers would be astonished that there is a whole industry dedicated to trying to get around that protection. It’s why keeping antivirus software up to date is so important.

“Malware that has been tested through Counter Anti-Virus platforms poses a significant criminal threat to the UK, as demonstrated by the recent WannaCry attack. Law enforcement is working collaboratively and proactively to prevent and mitigate further attacks. Denying criminals the ability to test their malware before deploying it can severely disrupt their success and their profit margins.

“The response to this kind of threat is a global one, and the NCA is part of an international network which attacks not only the cyber criminals themselves but the services they provide for each other.”

All ROCUs took part in this activity – Tarian (South Wales), NERSOU (North East), Titan (North West), MPCCU (London), ERSOU (Eastern), SEROCU (South East), West Midlands, (EMSOU) East Midlands, Zephyr (South West) and ODYSSEY (Yorkshire & Humber), plus PSNI and Police Scotland.

Four people have been released under investigation in order for further enquiries to be undertaken.

Public protection

Last year, the Chief Constables Council agreed a bespoke national tasking process for cyber crime cases in recognition of their unique cross-cutting nature. The collaboration across the whole of the UK this week demonstrates this strengthened ability to pursue offenders and protect the public.

The public and businesses can follow simple steps to help protect themselves from malware. These include making sure operating systems are up-to-date with the latest security patches and not clicking on links or attachments in emails if something doesn’t feel quite right.

The latest protection advice is available from the National Cyber Security Centre at

Share this Page: