Krasimir Nikolov was extradited to the US and charged with one count of criminal conspiracy, one count of unauthorized access of a computer to obtain financial information, and three counts of bank fraud for his use of malware known as GozNym, which was distributed via infrastructure known as Avalanche. to steal funds from businesses in the US. See https://www.justice.gov/usao-wdpa/pr/bulgarian-charged-goznym-malware-attacks-us.
Nikolov pleaded guilty to these charges on April 10, 2019. See https://www.post-gazette.com/news/crime-courts/2019/04/11/Bulgarian-hacker-Krasimir-Nikolov-pleads-guilty-Avalanche-malware-local-businesses/stories/201904110085.
NCFTA intelligence analysts (IAs) and financial institutions which are members of the NCFTA disseminated significant intelligence to law enforcement to assist this effort.