Avalanche botnet mastermind? Wanted cybercrime suspect has just been arrested

Gennadiy Kapkanov, suspected of running one of the world's largest malware networks, nabbed in Ukraine.
Written by Andrada Fiscutean, Contributor


The alleged leader of the massive Avalanche cybercrime network, Gennadiy Kapkanov, has been arrested, according to Ukraine's Interior Ministry.

Police detained Kapkanov, aged 33 years, on Sunday, following a raid at the flat he rented in the capital, Kyiv. They seized a laptop, flash drives, and money, Ukraine's Cyber Police said.

He was then transferred to his hometown, Poltava, where the court decided on the conditions of his detention. Police said he had been in hiding and using a forged passport.

Kapkanov will spend the next 60 days in custody, without the option of bail, local judge Elena Shevskaya has ruled. However, he could appeal the decision within the next five days, local news website Poltava.to reports.

The Avalanche network ran for seven years. Europol estimate that it cost users hundreds of millions of US dollars, with losses from German banking systems alone amounting to €7m ($8.6m). At its peak, the gang was allegedly infecting up to half a million computers a day worldwide.

The group conducted malware distribution, phishing, and spam campaigns using its botnet infrastructure. Every week, they sent more than a million malicious emails.

The network was shut down at the end of November 2016, after a joint effort by prosecutors, investigators, and cybersecurity researchers in 30 countries. Some 800,000 internet domains were seized, sinkholed, or blocked, Europol said at the time, and several hundred servers were seized.

Fernando Ruiz, the then head of operations at Europol's Cybercrime Center, described the Avalanche infrastructure as "the perfect example of crime as a service".

In fact, Kapkanov was among the five suspects arrested that November. When the police entered his apartment in Poltava, 350km east of Kyiv, they said he threatened them with a Kalashnikov assault rifle and a handgun, and even tried to escape over a balcony.

Although he was taken into custody, local judge Larissa Kuleshova ordered his release, despite his four-year presence on Interpol's most-wanted list. Soon afterwards, he disappeared.

Kapkanov is charged with several criminal offenses, local newspaper KyivPost reports. They include hacking into computer systems and computer networks, large-scale fraud, and money laundering, as well as armed resistance to law-enforcement agents.

He also faces charges in France and Germany. If found guilty, he could spend up to 10 years in jail.


Ukraine police say Gennadiy Kapkanov had been in hiding and using a forged passport.

Image: Ukraine Ministry of Internal Affairs/Twitter
