US, EU and Ukraine take down global cybercrime network

European Union and U.S. officials say they have shut down a cybercrime group accused of stealing hundreds of millions of dollars worldwide, putting five key suspects in custody – three of whom are Ukrainians.

The European Union police agency Europol announced late on Dec. 1 that it had confiscated 39 servers and hundreds of thousands of internet domains used by the Avalanche network, a major player in the illegal market for cybercrime services.

The global effort to take down this network involved close support between prosecutors and investigators from 30 countries, including Ukraine, Germany, Australia, Sweden, Singapore, and the United States.

The Ukrainian National Police played its part, detaining one of the suspects in Poltava, some 350 kilometers from Kyiv, on Nov. 30.

The Ukrainian is allegedly the head of the Avalanche network.

“He will be convoyed to Germany or convicted in Ukraine,” Vadym Troyan, the chief of Ukraine’s National Police, said in a statement on Dec. 1. According to Ukrainian Prosecutor General Yuriy Lutsenko, the suspect put up armed resistance, having in his possession a Kalashnikov rifle and a handgun.

“We have arrested the top, the head of the snake,” Fernando Ruiz, the head of operations at Europol’s Cybercrime Center, told The Associated Press ahead of the announcement. “We’re sure that this will have a very huge impact.”

Avalanche consists of 27 people of different nationalities, and 10 of them are Ukrainians.

In total, multinational law enforcement agencies have arrested five individuals during raids on 37 premises around the globe and put 221 servers offline through abuse notifications sent to the hosting providers.

“The Avalanche (raids) show that we can only be successful in combating cybercrime when we work closely together, across sectors and across borders,” said Julian King, the European Commissioner for the Security Union.

Criminal groups had been using the Avalanche infrastructure since 2009 to spread malware, and conduct phishing and spamming. They sent more than 1 million emails with damaging attachments or links every week to unsuspecting victims.

The Avalanche network was estimated to involve as many as 500,000 infected computers worldwide on a daily basis. Victims of malware infections have been identified in more than 180 countries.

Europol says Avalanche caused an estimated 6 million euros in losses in concentrated cyberattacks on online banking systems in Germany alone.

The monetary losses associated with malware attacks conducted over the Avalanche network are estimated to be in the hundreds of millions of euros worldwide, although exact calculations are difficult due to the high number of malware families managed through the platform.


According to Europol, the operation marks the largest-ever action to combat botnet infrastructures and is unprecedented in its scale, with over 800,000 domains seized or blocked.

Europol supported the German authorities throughout the entire investigation by assisting with the identification of suspects and the exchange of information with other law enforcement authorities.

“The complex transnational nature of cyber investigations requires international cooperation between public and private organizations at an unprecedented level to successfully impact on top-level cybercriminals,” Europol Director Rob Wainwright stated on Dec. 1.

“The Avalanche (case) has shown that through cooperation we can collectively make the internet a safer place for our businesses and citizens.”

Kyiv Post staff writer Denys Krasnikov can be reached at [email protected].