More than 20 countries participated in a coordinated takedown of multiple platforms selling cheap access to distributed denial-of-service (DDoS) attacks.

Europol said four people were arrested and 25 search warrants were executed but did not provide detail on the raids or those detained. More than 50 domains were seized and European authorities said they identified about 75,000 users of the DDoS-for-hire sites.

U.S. officials announced their own court-authorized website seizure of eight sites, including “Vac Stresser” and “Mythical Stress.” Justice Department prosecutors in Alaska said they “conducted searches of DDoS-for-hire backend servers.”

The sites “purport to launch tens of thousands of DDoS attacks per day,” prosecutors added. A law enforcement banner now appears at the domains for both “Vac Stresser” and “Mythical Stress.”

A Justice Department spokesperson directed all questions about the arrests to Europol, which did not respond to requests for comment. 

In court documents, the DOJ said the domains taken down include Quantum-stress, Stresse, Unknownstresser, Vacstresser, dreams-stresser, Mythicalstress and others.

An FBI agent said they purchased a Mythical Stress plan that offered a month of DDoS attacks for $45. Three victim IPs could be targeted at a time for an attack that would last 40 minutes. The most expensive plan was $950 per month, offering attacks that last 500 hours and can target 90 victim IPs.

One of the platforms boasted of being used to launch more than 142 million DDoS attacks. 

The Justice Department said the DDoS services targeted an array of victims in the U.S. and abroad, “including schools, government agencies, gaming platforms, critical infrastructure, including Department of War resources, and millions of people.”

The recent actions are part of an “operational sprint” where countries coordinate with experts and dismantle the infrastructure that enables DDoS attacks, Europol added. 

Information from several previously seized databases allowed Europol to geolocate more than three million “criminal user accounts” which “led to a series of coordinated actions across the globe during the action week.”

Law enforcement agencies around the world have worked for nearly a decade to disrupt the DDoS-for-hire industry — arresting administrators and seizing databases in dozens of countries as part of Operation PowerOFF. Powerful DDoS tools flood targeted servers with unwanted traffic and are used by an array of online actors including gamers and nation-states. 

Justice Department officials acknowledged that despite years of effort, DDoS services “have continued to proliferate as they offer a low barrier to entry for users looking to engage in cybercriminal activity.”

Eleven people have been charged in the U.S. over the last four years with facilitating DDoS-for-hire services and 100 domains have been seized. 

Last year, Polish police arrested four people allegedly operating six different DDoS-for-hire sites, offering their services for as little as 10 euros.