
A German investigation into an OCG (organised crime group) called Avalanche, involved in malware, phishing and spam activities, commenced in 2012 after a wave of encryption ransomware infected a substantial number of computer systems and blocked users' access to their data. The investigation exposed a highly sophisticated technical infrastructure that was used to infect millions of private and business computer systems with malware (e.g. banking Trojans and ransomware), enabling the criminals operating the network to harvest online banking and e-mail credentials.
With these credentials, the criminals were able to initiate bank transfers from the victims' accounts. The proceeds were then redirected to the criminals through an infrastructure created specifically to secure the proceeds of the criminal activity. In addition to launching and managing mass global malware attacks, the Avalanche network was used for money mule recruiting campaigns. The Avalanche infrastructure was built to be highly resilient against takedowns and law enforcement action through so-called 'double fast-flux' technology: both the IP addresses behind the botnet's domains and the authoritative name servers for those domains were rotated rapidly, so that seizing any single server or hosting provider did not disable the command-and-control infrastructure.
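The double fast-flux technique referred to above is observable in DNS: the A records of a domain change from one resolution to the next with very low TTLs, and in the "double" variant the authoritative name servers change as well. The following heuristic, added here as an illustration and not taken from the report or from the Avalanche investigation, classifies a series of DNS snapshots of one domain as stable, single-flux or double-flux. The snapshots, domain names and addresses are constructed for the example and use documentation ranges; the thresholds (`low_ttl`, `churn_threshold`) are assumptions to be tuned against real passive-DNS data.

```python
"""Heuristic fast-flux classifier over DNS snapshots (added example, constructed data)."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, List


@dataclass(frozen=True)
class DnsSnapshot:
    """One resolution of a domain at time t (seconds since the first lookup)."""
    t: int
    a_records: FrozenSet[str]   # IPv4 addresses returned for the domain itself
    a_ttl: int                  # TTL of those A records, in seconds
    ns_addrs: FrozenSet[str]    # addresses the domain's authoritative NS resolved to
    ns_ttl: int                 # TTL of the NS records, in seconds


def _churn(sets: List[FrozenSet[str]]) -> float:
    """Fraction of consecutive snapshot pairs whose record set changed (0.0 .. 1.0)."""
    if len(sets) < 2:
        return 0.0
    changes = sum(1 for prev, cur in zip(sets, sets[1:]) if prev != cur)
    return changes / (len(sets) - 1)


def flux_profile(snaps: List[DnsSnapshot]) -> Dict[str, float]:
    """Summarise how much the A-record layer and the NS layer churn over time."""
    if not snaps:
        raise ValueError("need at least one snapshot")
    return {
        "a_churn": _churn([s.a_records for s in snaps]),
        "ns_churn": _churn([s.ns_addrs for s in snaps]),
        "distinct_a": len(frozenset().union(*(s.a_records for s in snaps))),
        "distinct_ns": len(frozenset().union(*(s.ns_addrs for s in snaps))),
        "min_a_ttl": min(s.a_ttl for s in snaps),
        "min_ns_ttl": min(s.ns_ttl for s in snaps),
    }


def classify(snaps: List[DnsSnapshot], low_ttl: int = 300,
             churn_threshold: float = 0.5) -> str:
    """'double-flux' if both layers rotate with low TTLs, 'single-flux' if only the
    A records do, otherwise 'stable'. Thresholds are assumed values for the example."""
    p = flux_profile(snaps)
    a_flux = p["a_churn"] >= churn_threshold and p["min_a_ttl"] <= low_ttl
    ns_flux = p["ns_churn"] >= churn_threshold and p["min_ns_ttl"] <= low_ttl
    if a_flux and ns_flux:
        return "double-flux"
    if a_flux:
        return "single-flux"
    return "stable"


def make_series(a_sets: Iterable[Iterable[str]], ns_sets: Iterable[Iterable[str]],
                a_ttl: int, ns_ttl: int, step: int = 300) -> List[DnsSnapshot]:
    """Build a snapshot series, one lookup every `step` seconds (constructed data)."""
    return [DnsSnapshot(t=i * step, a_records=frozenset(a), a_ttl=a_ttl,
                        ns_addrs=frozenset(n), ns_ttl=ns_ttl)
            for i, (a, n) in enumerate(zip(a_sets, ns_sets))]


# Constructed sample data using RFC 5737 documentation ranges, not real observations.
A_ROTATION = [
    {"203.0.113.5", "203.0.113.77"}, {"192.0.2.14", "203.0.113.200"},
    {"198.51.100.3", "192.0.2.9"}, {"203.0.113.41", "198.51.100.250"},
    {"192.0.2.130", "203.0.113.8"}, {"198.51.100.66", "192.0.2.201"},
]
NS_ROTATION = [
    {"192.0.2.53"}, {"203.0.113.53", "198.51.100.53"}, {"192.0.2.54"},
    {"203.0.113.99"}, {"198.51.100.7"}, {"192.0.2.120"},
]

# Ordinary domain: same address, same name servers, long TTLs.
STABLE = make_series([{"198.51.100.10"}] * 6, [{"192.0.2.2", "192.0.2.3"}] * 6,
                     a_ttl=3600, ns_ttl=86400)
# Single flux: the domain's addresses rotate every lookup, name servers do not.
SINGLE_FLUX = make_series(A_ROTATION, [{"192.0.2.2", "192.0.2.3"}] * 6,
                          a_ttl=60, ns_ttl=86400)
# Double flux: both the domain's addresses and its name servers rotate.
DOUBLE_FLUX = make_series(A_ROTATION, NS_ROTATION, a_ttl=60, ns_ttl=120)


if __name__ == "__main__":
    for name, series in (("stable", STABLE), ("single", SINGLE_FLUX), ("double", DOUBLE_FLUX)):
        print(name, classify(series), flux_profile(series))
```

A caveat worth keeping in mind when running this against real data: CDNs and round-robin load balancers also return changing A records with short TTLs, so the A-layer signal alone produces false positives. Rotation of the authoritative name servers (the "double" layer) is far less common for legitimate infrastructure and is the better triage signal, which is also why it makes a botnet so hard to take down with a single seizure.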