The Avalanche Takedown: Landslide for Law Enforcement

It was a highly secure infrastructure of servers that allegedly offered cyber criminals an unfettered platform from which to conduct malware campaigns and "money mule" money laundering schemes, targeting victims in the U.S. and around the world. Estimates of the scope of the network put the dollar losses in the hundreds of millions and the number of systems infected at more than 500,000.

But the Avalanche network, which was specifically designed to thwart detection by law enforcement, turned out to be not so impenetrable after all. In December 2016, the FBI took part in a successful multi-national operation to dismantle Avalanche, alongside law enforcement partners representing 40 countries and with the cooperation of private sector partners. The investigation involved arrests and searches in four countries, the seizing of servers, and the unprecedented effort to sinkhole more than 800,000 malicious domains associated with the network.

The types of malware and money mule schemes operating over the Avalanche network varied. Ransomware such as Nymaim, for example, encrypted victims' computer files until the victim paid a ransom (typically in a form of electronic currency) to the cybercriminal. Other malware, such as GozNym, was designed to steal victims' sensitive banking credentials and use those credentials to initiate fraudulent wire transfers. The money mule schemes operating over Avalanche involved highly organized networks of "mules" who purchased goods with stolen funds, enabling cybercriminals to launder the money they acquired through the malware attacks or other illegal means.

Come hear about how the FBI worked jointly with other agencies, international organizations, foreign government partners, and the private sector to conduct the successful Avalanche takedown, and what the operation means for the future of cyber crime.

Presented by