Crime Doesn’t Always Pay As Avalanche Gets Taken Down.

Avalanche botnet was one of the fastest-growing attack vectors challenging organizations of all sizes

If there is one thing everybody can agree on, or rather should agree on, it is that criminals should always face justice, no matter the cost.

No matter how long it takes, hackers, along with other cyber criminals, should always face some kind of justice, preferably in the form of a punishment (prison or a fine!) in order to set a proper example for posterity.

Well, that is precisely what one can consider to have happened with a crime syndicate known by the name of Avalanche.

It took law enforcement agencies around four years to gather enough intel and data on Avalanche to finally bring it down and shut down its online operations which spanned many continents.

In all honesty, though, the time it took law enforcement agencies to get to the criminal organization says more about the lack of effort on the part of the law enforcement agencies than about the brilliance of the Avalanche crime ring that managed to evade authorities for so long.

There is a good chance that the people involved with Avalanche managed to rake in millions of dollars during that period.

But life’s short, and hence one has to look at the positive side of things in order to keep moving forward (and stay sane). The fact that there will be no more Avalanche is a respite for all those who might have been affected by the criminal organization’s activities.

Who Should We Thank For Avalanche Take Down?

No one particular law enforcement agency, that’s who.

What we really mean is that the Avalanche crime ring was brought down by a group of law enforcement agencies that worked tirelessly for quite some time.

It was an international effort in other words.

The official announcement was made just a couple of weeks ago, where representatives from different law enforcement agencies stated that an international effort led by a group of law enforcement agencies had reached its completion stage and that the ambitious task of taking down Avalanche (they referred to the criminal ring as an extensive online criminal infrastructure) had finally been realized.

It was also revealed that this international operation was the largest botnet takedown in history.

That is, the history of the internet which isn’t even 50 years old itself.

The group of law enforcement agencies also said that the combined effort took four years to finish off and during the investigation, they were able to find victims of the botnet in over 180 countries around the world.

No matter how much you may have traveled, 180 countries is a lot of countries.

For all practical purposes, we can safely assume that the crime ring affected people from every region on the planet. Almost every region on the planet, to be precise.

How Big Was This Avalanche Crime Ring?

Ransomware targeting local files
Multiple malware variants have been observed using Avalanche

Quite big.

In fact, it was huge.

Overwhelming is the word that should be used anywhere where Avalanche’s scale of operation is mentioned. That’s how huge Avalanche was.

And hence it stands to reason that the effort it took to bring down the crime ring was equally huge. In other words, it didn’t just take four years for law enforcement agencies to bring Avalanche down; it basically took four years of hard work to unwind the criminal organization.

But Avalanche wasn’t just a traditional criminal organization.

It was actually a platform of criminals, for criminals, by criminals, if you know what we mean.

Criminals all over the world used the platform to launch phishing attacks along with other types of cyber attacks, such as DDoS (Distributed Denial of Service) attacks.

Hackers, along with other types of cyber criminals, also used the platform for over eight years to carry out other kinds of activities as well.

We’re talking about activities such as,

  • Distributing malware to computer machines located all over the map.
  • Stealing money and then using advanced methods to shuffle it over to the other side of the border.
  • Picking up from the previous point, Avalanche also morphed into a botnet in order to carry out massive Distributed Denial of Service attacks on key internet infrastructure, in order to cause damage or at least some amount of chaos.

Was this all Avalanche did?

Surely the greatest crime ring takedown of the century would include something more?

Something more than the laundry list of criminal activities that most online criminal organizations usually get themselves involved in?

The answer to your question/questions is a definite yes.

The activities listed above were just some of the activities Avalanche was known to carry out.

Avalanche, the criminal ring, had other targets too.

It actually had specializations.

Specialization in damaging not only whole institutions related to finance but also people.

The crime ring targeted people in order to compromise their personal financial data.

And as you might have figured out by now, Avalanche was great at what it did.

Harm people and organizations by stealing money and sensitive information along with disruption of their services.

If a statement from the Department of Justice is worth any weight then Avalanche did some serious damage.

According to official Department of Justice sources, the monetary loss caused by or associated with the crime ring Avalanche and all its malware attacks, along with many others, ran well into the millions.

Hundreds of millions.

Hundreds of millions of dollars.

In fact, hundreds of millions of dollars all around the world if we’re talking about specifics.

As one might imagine, taking down a criminal ring that had its tentacles into so many “businesses” was one herculean task.

The mere magnitude of the operation required to achieve a confirmed shutdown of the criminal ring was huge enough, let alone carrying out that operation to perfection.

And hence an alliance was formed between the top law enforcement agencies around the world. That collaboration allowed these law enforcement agencies to mount an assault which required coordination on a global scale.

If we’re talking specifics (again) then, according to many reports which have been published in the media in the last couple of weeks, the joint effort from law enforcement agencies had officials working together from over thirty countries.

Some of the well-known law enforcement agencies that helped each other out in order to take down the Avalanche crime ring were:

  • The United States Justice Department
  • Europe’s very own Europol
  • And the United Kingdom’s NCA (National Crime Agency)

    Avalanche was finally brought down with collaboration from multiple security agencies and law enforcement services

These three big agencies along with many other smaller ones cooperated with not only each other but also with many other entities from the private sector, such as reputed cybersecurity companies, and notable academics.

Numbers! How Much Damage Did Law Enforcement Agencies Do To Avalanche And Its Operations Around The Globe?

To say the least, it was enough to bring down the whole crime ring and that’s all that counts.

But since we want to talk about the issue in more depth, we’ll just go ahead and quote some numbers that came out in the media when the crime ring was shut down for good.

As far as the final tally is concerned, the operation enabled law enforcement agencies to arrest a total of five people.

Five people?

You might say that isn’t a lot.

Well, in the online world that number is a lot, if not infinitely more than the norm.

The norm is a total of zero people caught in most cases that involve cybercriminals ripping off people and institutions.

The operation also resulted in 221 servers that helped Avalanche mount various types of attacks on its eventual victims being taken out, or made to go offline.

The total number of servers taken down goes up to 258 if we also count the ones that were seized and not just shut down.

Along with that, law enforcement agencies took control of, disrupted and halted over 800,000 (that is eight hundred thousand) domains that were being used by Avalanche to form the base of its operations.

800,000? That seems like an awfully large number, doesn’t it?

Well, just for clarity’s sake, it is an extremely large number.

It says more about the scale of operations Avalanche ran during its reign than about the efficiency of law enforcement agencies in identifying them and then taking them down, but the internet, along with all the people who use it on a regular basis, should thank these 30 (or more) law enforcement agencies for annihilating all Avalanche functions.

According to research done by a nonprofit organization by the name of Shadowserver Foundation (the NGO actually worked extensively on the Avalanche project), a typical botnet takedown usually picks up in the range of 1,000 domains every twenty-four hours.

One of the reasons why it was particularly hard and complicated to carry out the Avalanche operation was that the project involved demolishing the fast-flux hosting methods used by the service, which allowed the service to stay hidden.

More precisely, the botnet’s online “actions” were made invisible by a wall of proxy IP addresses. Criminals working behind the scenes had figured out how to constantly change these proxy IP addresses, so that activities such as distributing malware to machines and phishing became not only more difficult but impossible to detect.

For law enforcement agencies, this setup meant that it was now even more difficult to trace the origins of the botnet and all its actions.
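The constantly rotating proxy addresses described above leave a signature in passive DNS data that defenders can look for. As an added illustration (not code from the article or from the Avalanche investigation), the following Python heuristic scores domains by how many distinct addresses they resolve to, how many unrelated networks those addresses sit in, and how short the advertised TTLs are; the domain names, addresses and thresholds are constructed, and the /16 prefix stands in for the ASN lookup a production tool would use.

```python
"""Flag candidate fast-flux domains in passive DNS observations."""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_network
from statistics import mean

@dataclass(frozen=True)
class DnsObservation:
    ts: int       # epoch seconds when the answer was observed
    qname: str    # queried domain
    ip: str       # IPv4 A record returned
    ttl: int      # TTL advertised for that answer

# Constructed sample: "flux.example" rotates through hosts in three unrelated
# networks with short TTLs; "cdn.example" also rotates with short TTLs but
# stays inside one provider prefix, which is what a legitimate CDN looks like.
SAMPLE = [
    DnsObservation(0,    "flux.example", "203.0.113.10",   300),
    DnsObservation(300,  "flux.example", "198.51.100.7",   300),
    DnsObservation(600,  "flux.example", "192.0.2.44",     300),
    DnsObservation(900,  "flux.example", "203.0.113.99",   300),
    DnsObservation(1200, "flux.example", "198.51.100.200", 300),
    DnsObservation(1500, "flux.example", "192.0.2.8",      300),
    DnsObservation(0,    "cdn.example",  "203.0.113.1",    60),
    DnsObservation(60,   "cdn.example",  "203.0.113.2",    60),
    DnsObservation(120,  "cdn.example",  "203.0.113.3",    60),
    DnsObservation(180,  "cdn.example",  "203.0.113.4",    60),
]

def summarize(observations):
    """Per-domain metrics: distinct IPs, distinct /16 prefixes, mean TTL."""
    ips, prefixes, ttls = defaultdict(set), defaultdict(set), defaultdict(list)
    for o in observations:
        ips[o.qname].add(o.ip)
        # /16 is a crude stand-in for "different network"; production tooling
        # would map each address to its ASN instead (assumption of this example).
        prefixes[o.qname].add(str(ip_network(f"{o.ip}/16", strict=False)))
        ttls[o.qname].append(o.ttl)
    return {d: {"ips": len(ips[d]), "prefixes": len(prefixes[d]),
                "mean_ttl": mean(ttls[d])} for d in ips}

def is_fast_flux(m, min_ips=5, min_prefixes=3, max_ttl=600):
    """Many addresses, spread across unrelated networks, short TTLs."""
    return (m["ips"] >= min_ips and m["prefixes"] >= min_prefixes
            and m["mean_ttl"] <= max_ttl)

def flagged_domains(observations):
    """Sorted list of domains whose resolution pattern looks like fast-flux."""
    return sorted(d for d, m in summarize(observations).items() if is_fast_flux(m))
```

The prefix-diversity check is what keeps an ordinary CDN rotation from being flagged; on real data the thresholds need tuning against a baseline of known-good domains.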

Avalanche’s operations were so huge and complicated that, according to one source, it made use of more than 20 types of malware, which were spread all over the world in a systematic way.

In order to stop these actions, the joint action led by law enforcement agencies had to make use of a process known as “sinkholing”.

Apparently, this new technique helped these agencies to take down Avalanche operations with relative ease.

What Do You Mean By Sinkholing?

It took 4 years to take down Avalanche

Without going into too many details, the sinkholing method allowed agents from these law enforcement agencies to interrupt the channels of communication between the servers (used by criminals) that sent malicious commands to potential victims’ machines and the infected machines themselves.

Additionally, the sinkholing method allowed law enforcement agencies to disrupt all the copies of the related malware as well.

How did the malware and all its copies spread?

Of course it was through the vast operations that were run in their entirety by Avalanche.

But was the sinkholing technique effective enough to wipe out Avalanche?

In a way, it wasn’t.

While the sinkholing method took care of copies of the malware, it didn’t exactly destroy the complete malware strain.

Also, the sinkholing method was not able to cleanse the infected machines of all the malicious software that was transferred to them by Avalanche.

But experts in the cybersecurity industry believe that even with those two exceptions, the operation should be termed a genuine victory over cybercriminals because of its implications.
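The flip side of that limitation is that every infected machine keeps beaconing to the sinkhole, which is what turns sinkhole logs into a victim list for notification. As an added illustration (not code from the article or from the Avalanche operation), this Python snippet parses constructed sinkhole resolver log lines in an assumed format and builds a per-host report of which malware labels each still-infected client asked for, how often, and when.

```python
"""Turn sinkhole resolver logs into a per-host infection report."""
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample lines in an assumed format: what a sinkhole resolver
# might log when a still-infected machine asks for a seized C2 domain.
SINKHOLE_LOG = """\
2016-12-01T10:00:00Z client=192.0.2.5 qname=c2-one.example label=FAMILY_A
2016-12-01T10:05:00Z client=192.0.2.5 qname=c2-two.example label=FAMILY_A
2016-12-01T10:07:30Z client=198.51.100.9 qname=c2-one.example label=FAMILY_A
2016-12-01T11:00:00Z client=192.0.2.5 qname=c2-nine.example label=FAMILY_B
2016-12-01T11:30:00Z client=203.0.113.77 qname=c2-nine.example label=FAMILY_B
2016-12-02T09:00:00Z client=192.0.2.5 qname=c2-one.example label=FAMILY_A
this malformed line must be skipped, not crash the report
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) client=(?P<client>[0-9.]+) "
                     r"qname=(?P<qname>\S+) label=(?P<label>\S+)$")

def parse_lines(text):
    """Yield (timestamp, client, qname, label); silently drop unparsable lines."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
            yield ts.replace(tzinfo=timezone.utc), m["client"], m["qname"], m["label"]

def build_report(text):
    """Per client IP: families seen, beacon count, first and last seen.
    Each beacon is a host the takedown cut off but did not clean."""
    report = defaultdict(lambda: {"labels": set(), "beacons": 0,
                                  "first": None, "last": None})
    for ts, client, _qname, label in parse_lines(text):
        r = report[client]
        r["labels"].add(label)
        r["beacons"] += 1
        r["first"] = ts if r["first"] is None else min(r["first"], ts)
        r["last"] = ts if r["last"] is None else max(r["last"], ts)
    return dict(report)

def notification_order(report):
    """Hosts carrying the most families, then the most beacons, come first."""
    return sorted(report, key=lambda c: (-len(report[c]["labels"]),
                                         -report[c]["beacons"], c))
```

In practice the client addresses would be mapped to their network owners so that the cleanup request reaches whoever can actually remediate the host.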

In fact, experts also hold that the lessons learned from taking down Avalanche (even if only partially) will serve these same law enforcement agencies well when they eventually move ahead to take down other criminal enterprises.

Possible Repercussions?

Let’s just say there are always consequences.

They may not be apparent right now. They may not come knocking on the door later either. But they will come when we least expect them to.

Rob Wainwright pointed out in a recent official statement that the operation against Avalanche was a highly significant one, involving international law enforcement agents along with prosecutors and other industry resources, which are exactly what tackling crime in the modern, global world of cyber criminals requires.

He also commented that the complex transnational nature of cyber investigations required international cooperation between private organizations along with public ones at an unprecedented level.

That’s all great but what about the malware that survived the Avalanche operation?

What about that?

Various online antivirus tools have already popped up all over the internet that have the ability to scan for some, if not all, of the families of malware that were distributed by team Avalanche.

In fact, many officials who have made their careers at various cyber security companies assure people that they now have the ability to offer online tools which are tailor-made to handle and then eliminate infections that were born from Avalanche-related actions.

Symantec, one of those companies that has done extensive work on cybersecurity, recently pointed out that malware-hosting networks such as Avalanche had been dealt a severe blow.

But people, as in individuals, along with relevant organizations, owe it to themselves to protect their interests to a greater degree by making use of tools to eliminate potential families of malware that might be present on their machines.
