Europol has arrested five criminals who belonged to a group that used the Avalanche botnet infrastructure. Cyber criminals used the Avalanche botnet to distribute the Crypt0L0cker ransomware and banking Trojans as part of their phishing campaigns.
Europol worked on this investigation together with the FBI and coordinated it from the European Cybercrime Centre in The Hague.
In total, more than 30 countries were involved in the investigation. In addition to the 5 arrests, 37 searches were conducted, 39 servers were confiscated and 221 servers were taken offline. These servers were taken offline Wednesday at six different hosting providers. As many as 800,000 domains were seized or used as a sinkhole. The final phase of the operation took place in 10 countries.
About half a million computers were infected with the help of the Avalanche botnet. Victims from 180 countries received an email with an infected link or attachment. The loss caused by the network is estimated to be hundreds of millions of euros. In Germany alone, the hackers managed to steal 6 million euros from bank accounts. The total damage is not known.
The Avalanche botnet was used to distribute many different malware families, including banking Trojans, keyloggers, spyware and others. The botnet was used in combination with money mules, people who launder the money. Using stolen credit card numbers, criminals bought various goods through numerous online stores.