International law enforcement agencies have seized servers and domains belonging to a major cyber crime gang responsible for 17 or more malware families.
The takedown, which followed four years of investigation, was conducted on 30 November and took down 39 servers and hundreds of thousands of domains being used by the network. Five individuals were arrested and 37 premises were searched.
Avalanche, which was used as a delivery platform to launch global malware attacks and money mule recruiting campaigns, has stolen an estimated €6 million. According to Europol it affected victims in 180 countries, while 221 servers were put offline through abuse notifications sent to the hosting providers.
The malware delivered through the platform included ransomware as well as malware capable of harvesting users' bank and email passwords before hackers performed bank transfers from victim accounts. Families included goznym, marcher, matsnu, urlzone, xswkit, and pandabanker.
Different instances of malware were discovered independently before law enforcement agencies found that the same infrastructure was being used. This botnet, termed Avalanche, was then investigated.
The takedown operation was led by the Public Prosecutor’s Office Verden and the Lüneburg Police in Germany with cooperation from the United States Attorney’s Office for the Western District of Pennsylvania, the Department of Justice and the FBI, Europol, Eurojust and global partners.
Cyber security firm Symantec provided technical assistance to the police during the investigation by reverse engineering malware and identifying malicious infrastructure.
Julian King, European Commissioner for the Security Union, said: “Avalanche shows that we can only be successful in combating cybercrime when we work closely together, across sectors and across borders.
“Cyber security and law enforcement authorities need to work hand in hand with the private sector to tackle continuously evolving criminal methods. The EU helps by ensuring that the right legal frameworks are in place to enable such cooperation on a daily basis.”