Ransom Paid in Bitcoin
For the past five years or so, the Avalanche network has been involved in a comprehensive ransomware operation that has seen at least 500,000 computers from all over the world compromised.
It has garnered millions of dollars in ransom paid in bitcoin from its victims, one of which was recently revealed to be a state prosecutor’s office in Pennsylvania that paid $1,400 in bitcoin ransom.
The identity of the government entity victimized by the ransomware operation had not been revealed until the Allegheny County district attorney, Stephen Zappala Jr., came forward to confirm the report to The Associated Press.
The Avalanche network, which was famed for extorting from companies and individuals a substantial amount of money in bitcoin, was shuttered by the U.S. authorities and the European Union.
Over 500,000 Computers Infected
The organization has apparently been running the operation since as early as 2010.
According to Acting US District Attorney Soo Song, the takedown of the Avalanche network (that extorted bitcoin ransom from its victims) was unprecedented in its scale, scope of involvement, and the amount of collaboration it took worldwide.
The network specialized in the distribution of two kinds of malware to people who would buy them and use them to infect other computers.
“Money Mules,” or malware that is used to steal online banking information, was used to steal funds from individuals’ or companies’ accounts and transfer them to overseas banks.
Ransomware, on the other hand, locked up a computer network until the victim agreed to pay a sum of money in bitcoin.
Ransomware Accidentally Downloaded by Employee
The incident that would eventually lead to the bitcoin extortion was apparently brought on by the actions of an employee at the prosecutor’s office, who unwittingly clicked on a link provided in a phishing email.
This resulted in the prompt download of the malware, which then went on to infect the entire district attorney’s computer system.
Apparently, the employee had clicked on the link since it appeared to lead back to a legitimate government entity.
Several of the recently released federal court documents noted that the prosecutor’s office had to pay approximately $1,400 in bitcoin ransom in order to get the ransomware deactivated.
The computer system at the prosecutor’s office has since been beefed up to avoid a repeat of the incident.
Federal Agency Given Charge of the Investigation
Pennsylvania District Attorney Stephen Zappala Jr. felt that handing over the prosecution of the Avalanche network to the federal agency would be best since the federal government was more capable of dishing out substantial punishments.
The original phishing email was eventually traced back to Australia, although no specific source behind it was identified.
The bitcoin used to pay off the ransom was, as expected, untraceable.
The US federal government also did not involve the Australian authorities in the saga.
Computers from a total of 189 countries were infected with the ransomware.
Five people, whose identities are yet to be released, have also been arrested.
Extensive Cybercrime Operation Also Targeted Two Other Pennsylvanian Companies
In addition to the office of the district attorney, it was discovered that the Avalanche group had set its sights on two other unidentified companies based in Pennsylvania.
Their illegal operations did not only revolve around bitcoin extortion.
There were a few unsuccessful attempts to steal money using money mules, once from a New Castle company where they attempted to siphon $243,000, and once from a firm based in Carnegie, where a sum of $387,500 was recovered soon after they had tried to steal it.
Germany had been the first to launch investigations into the global cybercrime network four years ago, only bringing in the United States two years ago.
Involvement of Bitcoin in Cybercrimes on the Upsurge
This is not the first time a government entity has had to pay a bitcoin ransom in order to get malware removed from its systems.
In 2014, a $500 bitcoin ransom was paid by the Dickson County Sheriff’s Office in Tennessee in order to regain control of tens of thousands of files which had been compromised by malware on its network.
In the early months of 2016, the Melrose Police Department in Massachusetts was also a victim of a ransomware infection, which they resolved by paying the requested ransom amount in bitcoin.