Avalanche has spread malware and ransomware since 2009.
After spending four years analyzing more than 130 TB of data, authorities in the US and Europe announced Thursday that they are beginning to dismantle an international cybercrime syndicate that spread malware and caused hundreds of millions of dollars in damages.
The operation against the syndicate, known as Avalanche, has already resulted in arrests and searches in the US, Germany, and other countries, and Europol said that more than 220 of Avalanche’s servers have been taken offline.
Avalanche operates as a botnet—a collection of infected Internet-connected devices that can be directed to attack pretty much any target. In this case, the targets were mostly banks and other financial institutions, with an estimated $6.4 million in damages in cyberattacks on online banking systems in Germany alone, according to Europol.
The earliest Avalanche attacks began in 2009, and various criminal groups have since used the network to send more than one million emails with damaging attachments or links every week, Europol said. Avalanche was also blamed for an early ransomware attack in Germany in 2012, which compromised millions of computers.
It is unclear if Avalanche contributed to the growing number of ransomware attacks in the US this year, including one in February against a Hollywood, Calif., hospital that paid $17,000 to unlock its files.
In addition to malware and ransomware, the Avalanche network also hosted several money laundering campaigns, according to a joint statement from the FBI and the US Justice Department. The US authorities are concentrating their efforts on victims of malware attacks in western Pennsylvania, though the agencies did not offer specific details, instead promising to reveal more information next week.