Europol manages to take down the Avalanche botnet

Investigators estimate the damage caused by the Avalanche botnet at several hundred million euros. Servers have now been seized and arrests made. In addition to US authorities, the Verden public prosecutor's office and the Lüneburg police were involved in the investigation.

The Avalanche botnet was taken out of operation after several years of investigation by Europol and the US Department of Justice. The investigators seized several dozen servers. They also arrested five suspects, including the leader of the cybercriminals, the Associated Press reports.

According to a press release from Europol, the strike against the botnet operators came only after four years of investigation. In Germany, the Verden public prosecutor's office and the police in Lüneburg participated in the international operation. In the US, the prosecutor in Pennsylvania and the Federal Bureau of Investigation took part. They received support from law enforcement officers from 30 countries.

The investigators confiscated 39 servers at a total of 37 sites. Another 221 servers were shut down after the authorities informed their hosting providers about the abuse. With more than 800,000 domains also confiscated worldwide, Europol described the scale of the investigation as "unprecedented".

In recent years the Avalanche botnet was used primarily to carry out malware attacks and to organize money laundering. In Germany alone, the damage caused by cyberattacks on online banking systems is said to amount to 6 million euros. Overall, the investigators estimate the damage caused worldwide at several hundred million euros. "Accurate calculations are difficult because of the large number of malware families managed through the platform," Europol said.

"Avalanche shows that we can only succeed in combating cybercrime by working closely across borders and areas of expertise," commented Julian King, European Union Commissioner for the Security Union. "Cybersecurity and law enforcement agencies need to work hand in hand with the private sector to permanently manage new criminal methods. The EU helps by ensuring the legal framework that enables such cooperation."

According to Europol, the criminals have been using the Avalanche botnet since 2009 to spread malware or send spam and phishing emails. Every week, more than one million messages with dangerous file attachments or links were sent.

The investigation started in 2012, triggered by a ransomware called Windows Encryption Trojan that infected a significant number of computers. It is estimated that the botnet contained up to 500,000 malware-infected computers worldwide. Among others, the malware families GozNym, Marcher, Matsnu and Panda Banker were distributed with the help of Avalanche.

Europol also praised the cooperation with the Federal Office for Information Security (BSI) and the Fraunhofer Institute for Communication, Information Processing and Ergonomics. Both helped with the analysis of 130 TB of data collected on Avalanche, which made it possible to break down the server structure of the botnet and shut down thousands of servers.