Law enforcement in US, Europe bring down GozNym cybercrime gang
Five people have been arrested and warrants issued for five more people alleged to be behind the GozNym cybercrime group.
The arrests and charges came through a joint operation between the European Union Agency for Law Enforcement Cooperation and the U.S. Federal Bureau of Investigation, with the investigation including raids in Bulgaria, Georgia, Moldova and Ukraine.
GozNym was first detected as a form of malware in 2016, targeting bank accounts usually tied to businesses. The malware itself was a hybrid of two other forms of malware — Nymaim, a “dropper” that allows additional malware to be installed on an infected machine, along with Gozi, Trojan horse malware that facilitates fraud via infected internet browsers.
The gang is believed to have stolen as much as $100 million from more than 41,000 victims across multiple countries.
Among those arrested was alleged mastermind Alexander Konovolov, 35, of Tbilisi, Georgia and his technical assistant Marat Kazandjian, 31.
The gang is said to have worked as a network that exemplified the concept of “cybercrime as a service,” with different criminal services such as bulletproof hosters, money mule networks, crypters, spammers, coders, organizers and technical support all being involved.
“The defendants advertised their specialized technical skills and services on underground, Russian-speaking online criminal forums,” Europol said in a statement. “The GozNym network was formed when these individuals were recruited from the online forums by the GozNym leader who controlled more than 41 000 victim computers infected with GozNym malware.”
Those arrested and those being sought, the five remaining men being described as “Russian nationals…on the run,” were all indicted by a court in Pittsburgh, in the Western District of Pennsylvania.
“International law enforcement has recognized that the only way to truly disrupt and defeat transnational, anonymized networks is to do so in partnership,” U.S. Attorney Scott W. Brady said in a separate statement. “The collaborative and simultaneous prosecution of the members of the GozNym criminal conspiracy in four countries represents a paradigm shift in how we investigate and prosecute cybercrime. Cybercrime victimizes people all over the world. This prosecution represents an international cooperative effort to bring cybercriminals to justice.”
Authorities on either side of the Atlantic may be celebrating the arrests, but as with dark web forums, these sorts of arrests are ultimately a global game of whack-a-mole: When one group is arrested, others eventually take its place.