December 5, 2016

Joint Cyber Operation Takes Down Avalanche Criminal Network 

Servers Enabled Nefarious Activity Worldwide

Computer Servers (Stock Graphic)

It was a highly secure infrastructure of servers that allegedly offered cyber criminals an unfettered platform from which to conduct malware campaigns and “money mule” money laundering schemes, targeting victims in the U.S. and around the world.

But the Avalanche network, which was specifically designed to thwart detection by law enforcement, turned out to be not so impenetrable after all. And late last week, the FBI took part in a successful multi-national operation to dismantle Avalanche, alongside our law enforcement partners representing 40 countries and with the cooperation of private sector partners. The investigation involved arrests and searches in four countries, the seizing of servers, and the unprecedented effort to sinkhole more than 800,000 malicious domains associated with the network.

It’s estimated that Avalanche was responsible for as many as 500,000 malware-infected computers worldwide on a daily basis and dollar losses at least in the hundreds of millions as a result of that malware.

“Cyber criminals can victimize millions of users in a moment from anywhere in the world,” according to Scott Smith, assistant director of the FBI’s Cyber Division. “This takedown highlights the importance of collaborating with our international law enforcement partners against this evolution of organized crime in the virtual.”


The investigation into the highly sophisticated Avalanche network, initiated four years ago by German law enforcement authorities and prosecutors, uncovered numerous phishing and spam campaigns that resulted in malware being unwittingly downloaded onto thousands of computers internationally after their users opened bad links in e-mails or downloaded malicious attachments. Once the malware was installed, online banking passwords and other sensitive information were stolen from victims’ computers and redirected through the intricate network of Avalanche servers to back-end servers controlled by the cyber criminals, who wasted no time in using this information to help themselves to other people’s money.

One type of malware distributed by Avalanche was ransomware, which encrypted victims’ computer files until the victim paid a ransom to the criminal perpetrator. Other types of malware stole victims' sensitive banking credentials, which were used to initiate fraudulent wire transfers. And in terms of the money laundering schemes, highly organized networks of money mules purchased goods with the stolen funds, enabling the cyber criminals to launder the illicit proceeds of their malware attacks.

How did these cyber criminals hear about the Avalanche network in the first place? Access to the network was advertised through postings—similar to advertisements—on exclusive underground online criminal forums.

“Cyber criminals can victimize millions of users in a moment from anywhere in the world.”

Scott Smith, assistant director, FBI Cyber Division

Because most cyber schemes cross national borders, an international law enforcement response is absolutely critical to identifying not just the technical infrastructure that facilitate these crimes, but also the administrators who run the networks and the cyber criminals who use these networks to carry out their crimes.

The FBI—with its domestic and international partners—will continue to target the most egregious cyber criminals and syndicates. But U.S. businesses, other organizations, and the general public need to do their part by protecting their computers and networks from malware and other insidious cyber threats. Don’t click on links embedded inside e-mails. Don’t open e-mail attachments without verifying who they’re from. Use strong passwords. Enable your pop-up blocker. Only download software from sites you trust. And make sure your anti-virus software is up to date.

Each of us securing our own devices—coupled with a coordinated law enforcement effort to combat ongoing cyber threats—will go a long way toward protecting all of us in cyberspace.

Resources: