Avalanche malware network taken down by security consortium

International law enforcement agencies, prosecutors, security and IT organisations buddy up to squash cybercriminal infrastructure

botnet

The Avalanche malware network has been taken down by a group of organisations and companies who uncovered where it was being hosted, Symantec has revealed.

The consortium seized 39 command and control (C&C) servers and "several hundred thousand" domains where at least 17 malware families were being hosted.

The seeds of the investigation were sown more than four years ago, when the company was researching so-called law enforcement ransomware, the most prevalant type of malware at the time, which extorts money from victims by pretending to be a message from an organisation like the FBI.

Advertisement - Article continues below

During its investigation, which was published in a 2012 paper, Symantec discovered two ransomware trojans, Trojan.Ransomlock.P and Trojan.Bebloh, were targeting German speakers in Germany, Austria, and Switzerland. The company joined forces with police in the German town of Luneberg and the Public Prosecutor's Office from the German town of Verden, the company was able to help them get further in their enquiries by reverse engineering malware and identifying malicious infrastructure.

During these tests, Symantec discovered new malware families that were using the same C&C servers, which allowed Luneberg Police to start casting the net wider.

All the malware families were then discovered to be part of the Avalanche botnet, a collection of computers that are rented out to help actors target victims using the C&C architecture.

Advertisement
Advertisement - Article continues below

Other organisations, including the BSI, FKIE, BFK and other law enforcement agencies joined the search to find the root of the network.

On 30 November, the investigations ended and the group not only confiscated the servers used to distribute malware, it also arrested multiple key people alleged to be part of the malware ring.

Advertisement - Article continues below

"The Luneberg police and the Verden Public Prosecutor's Office investigation is a prime example of how the dogged persistence of a team of experienced law enforcement investigators, combined with assistance from government, academia, and private industry, can result in highly-effective action against cybercriminals," Symantec said.

"Symantec was pleased to have been able to assist in this work, and is ready to provide technical assistance to law enforcement as required in future investigations."

Featured Resources

Navigating the new normal: A fast guide to remote working

A smooth transition will support operations for years to come

Download now

Putting a spotlight on cyber security

An examination of the current cyber security landscape

Download now

The economics of infrastructure scalability

Find the most cost-effective and least risky way to scale

Download now

IT operations overload hinders digital transformation

Clearing the path towards a modernised system of agreement

Download now
Advertisement

Recommended

Visit/security/ransomware/356292/university-of-california-gets-fleeced-by-hackers-for-114-million
ransomware

University of California gets fleeced by hackers for $1.14 million

30 Jun 2020
Visit/security/cyber-security/356289/australia-announces-135b-investment-in-cybersecurity
cyber security

Australia announces $1.35 billion investment in cyber security

30 Jun 2020
Visit/cloud/cloud-security/356288/csa-and-issa-form-cybersecurity-partnership
cloud security

CSA and ISSA form cyber security partnership

30 Jun 2020
Visit/business/policy-legislation/356215/senators-propose-a-bill-aimed-at-ending-warrant-proof-encryption
Policy & legislation

Senators propose a bill aimed at ending warrant-proof encryption

24 Jun 2020

Most Popular

Visit/laptops/29190/how-to-find-ram-speed-size-and-type
Laptops

How to find RAM speed, size and type

24 Jun 2020
Visit/policy-legislation/data-protection/356344/eu-institutions-warned-against-purchasing-any-further
data protection

EU institutions told to avoid Microsoft software after licence spat

3 Jul 2020
Visit/mobile/mobile-phones/356335/the-man-has-ruined-my-huawei-p40
Mobile Phones

The Man has ruined my Huawei P40

3 Jul 2020