US, EU take down Avalanche cybercrime network

The Avalanche family of malware has cost users more than $6 million in damages.
Written by Zack Whittaker, Contributor


A massive, complex criminal network that has caused millions of dollars in damages has been identified and targeted, thanks to a multi-national law enforcement effort announced Thursday.

Europol, working with the US Justice Department, said five suspects have been arrested and dozens of servers have been seized as part of the beginning stages of an operation to shut down the Avalanche botnet infrastructure.

One of those arrested was the cybercrime ring leader, according to the Associated Press, citing a Europol official.

In a statement Thursday, law enforcement called the operation "unprecedented in its scale," and said that another 221 servers were blocked by sending abuse notifications to their hosting providers.

More than 800,000 malicious domains were also blocked in the process.

The effort to bring the networks offline began Wednesday, a day before the FBI was set to receive expanded hacking powers, which enable the agency to remotely access and search computers in any jurisdiction, including abroad.

The Avalanche botnet infrastructure allowed notorious malware, like the Citadel financial crime malware and TeslaCrypt ransomware, to operate, such as by locking users out of their files for ransom or enlisting devices into Distributed Denial-of-Service (DDoS) attacks to knock out infrastructure. It used a double fast-flux domain name service, which changes the IP address and name server records every five minutes, to hide the servers.
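An added example, not code from the article or from the Avalanche investigation: a defender-side heuristic that classifies zones from constructed passive-DNS observations as double-flux, single-flux or stable, keyed on the A and NS record churn and short TTLs that a five-minute rotation like the one described above leaves behind. The zone names, addresses and thresholds are assumptions.

```python
from collections import defaultdict

# Constructed passive-DNS observations: (zone, rtype, rdata, ttl_seconds).
# flux.example rotates A and NS records, single.example rotates only A
# records, static.example rotates nothing. Names and values are made up.
OBSERVATIONS = [
    ("flux.example", "A", "198.51.100.10", 300),
    ("flux.example", "A", "203.0.113.5", 300),
    ("flux.example", "A", "192.0.2.44", 300),
    ("flux.example", "NS", "ns1.flux.example", 300),
    ("flux.example", "NS", "ns2.flux.example", 300),
    ("flux.example", "NS", "ns9.flux.example", 300),
    ("single.example", "A", "198.51.100.3", 300),
    ("single.example", "A", "203.0.113.8", 300),
    ("single.example", "A", "192.0.2.61", 300),
    ("single.example", "NS", "ns1.single.example", 300),
    ("static.example", "A", "192.0.2.100", 86400),
    ("static.example", "NS", "ns1.static.example", 86400),
]


def classify_fast_flux(observations, ip_threshold=3, ns_threshold=2,
                       ttl_threshold=600):
    """Return {zone: verdict} with verdict double-flux, single-flux or stable.

    A zone whose distinct A records reach ip_threshold while its TTLs stay
    at or below ttl_threshold looks single-flux; if its distinct NS records
    also reach ns_threshold it looks double-flux. Thresholds are assumptions.
    """
    ips = defaultdict(set)
    nameservers = defaultdict(set)
    max_ttl = {}
    for zone, rtype, rdata, ttl in observations:
        max_ttl[zone] = max(max_ttl.get(zone, 0), ttl)
        if rtype == "A":
            ips[zone].add(rdata)
        elif rtype == "NS":
            nameservers[zone].add(rdata)
    verdicts = {}
    for zone, ttl in max_ttl.items():
        low_ttl = ttl <= ttl_threshold  # five-minute rotation needs short TTLs
        ip_churn = len(ips[zone]) >= ip_threshold
        ns_churn = len(nameservers[zone]) >= ns_threshold
        if low_ttl and ip_churn and ns_churn:
            verdicts[zone] = "double-flux"
        elif low_ttl and ip_churn:
            verdicts[zone] = "single-flux"
        else:
            verdicts[zone] = "stable"
    return verdicts
```

Real passive-DNS feeds also carry timestamps, so a production version would count distinct records per time window rather than over the whole sample.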

In a brief emailed statement, the Justice Dept. said that more information would be released in the coming week.
