Congratulations to the multinational government agencies involved in the takedown of the Avalanche cybercriminal infrastructure! The U.S. Attorney’s Office, FBI, Europol, German Police, and others from over 40 countries were involved in disrupting one of the largest support structures for malware, digital money laundering, and Distributed Denial-of-Service (DDoS) attacks. Searches, seizures, and arrests in four countries were conducted to dismantle the sophisticated network of people and technology.
Avalanche hosted, supported, and distributed dozens of malware families, including Citadel, TeslaCrypt, VM-Zues, bugat, QakBot, and many others. For a complete list, visit the US-CERT announcement page. Most notably, it targeted over 40 major financial institutions and hosted major ransomware malware. According to the U.S. CERT team, it was “used to run money mule schemes where criminals recruited people to commit fraud involving transporting and laundering stolen money or merchandise”.
The Avalanche group has been very active for many years. Back in 2010 it was known for its phishing activities and involvement with various Zeus banking trojan malware variants.
This takedown will have a cascading impact to cybercriminals who have relied on its capabilities. It will likely result in a reduced amount of activity until such time as criminals can replace or rebuild these functions. It is a greatly appreciated reprieve. The absence of money laundering services will also be a painful hit to many criminal groups. With Avalanche down or at the very least impacted, it will force changes on behalf of the criminals it serviced. Those deviations represent opportunities for law enforcement’s future actions.
Depending upon the systems and data captured and the cooperation of the people arrested, there may be some great intelligence benefits. Law enforcement may be able to track down some of the organized criminals behind the various malware families and cyber-fraud campaigns. This could lead to more arrests and impacts to malware generation.
A job well done by the multinational team who cooperated to bring down this malignant structure supporting cybercriminals impacting people, governments, and businesses across the globe. Keep up the good work!
What Does Ransomware Sound Like?
Cybersecurity colleague Christiaan Beek went searching for great wisdom and discovered what ransomware sounds like. Not sexy, not ominous, not dark. More like a pinball machine, when you lose.
With all the money the ransomware cybercriminals rake in from their victims, you would think they could invest a bit more in the sound engineering quality or perhaps get a celebrity voice-over.
I think they would get a much better compliance rate for their extortion demands if this was voice by Morgan Freeman. Who could resist that? On second thought, perhaps James Earl Jones, with the Darth Vader mask, would be more appropriate!
They could even bump up the ransom prices. Something needs to justify the price of 10.5 bitcoins! That is almost $800. Wow, have the prices gone up or it just a premium to listen to this verbal notification from the malware?
Thanks Christiaan for sharing. I look forward to your next ransomware discovery! Follow Christiaan on Twitter (@ChristiaanBeek)
For those of you interested in the other sound of ransomware, it is from the victims, who shout in fear, then rage, followed by a whimper, and sometimes crying. If you are a victim of ransomware, visit the NoMoreRansom.org site. It is a free resource that may be able to help and is supported by some of the most respected cybersecurity organizations. Good luck.
- U.S. Justice Dept announcement: https://www.justice.gov/usao-wdpa/pr/avalanche-network-dismantled-international-cyber-operation
- U.S. CERT Alert: https://www.us-cert.gov/ncas/alerts/TA16-336A