The BitTorrent link tracker's internet service provider (ISP) took it offline after being contacted by law enforcement officers.
The US had previously alleged Demonoid was one of the most visited sites used to share pirated content.
Many of its visitors are now concerned their activities may be exposed.
Demonoid's site became unavailable last week, but news of the authorities' involvement only emerged after an article in the local newspaper Kommersant on Monday.
It reported that investigators had visited Colocall's offices, copied data from its servers and sealed off some of its equipment.
Colocall confirmed it had received "several requests" from the authorities, but told the BBC "the decision to terminate the contract with Demonoid has been made without participation of the Ministry".
It would not be drawn on the reason for the action beyond saying there had been a "combination of factors" and "too many issues for a single customer".
It has also emerged that officers at Ukraine's Division of Economic Crimes only acted after being contacted by Interpol.
The international police organisation told the BBC it had passed on a request from the Mexican authorities who had been carrying out their own criminal investigation.
A spokeswoman added that Interpol itself had no further involvement at this stage.
Members of Anonymous subsequently announced plans to attack "those responsible for the interruption" on AnonPR - a website designed to publicise the group's campaigns.
An associated YouTube video announced "operation Demonoid engaged".
Twitter messages from accounts associated with the movement reported a series of DDoS (distributed denial-of-service) attacks followed, in an attempt to overwhelm sites' servers with traffic.
The Kyiv Post confirmed that webpages belonging to the Ukrainian Anti-Piracy Association, the Ukrainian Agency for Copyright and Related Rights, and the National Television and Radio Broadcasting Council of Ukraine all became unavailable for a time.
"Such attacks are an annoyance more than anything else - the sites haven't been hacked as such," said Alan Woodward, from the University of Surrey's department of computing.
"DDoS attacks are fairly easy to do and seem to be Anonymous' preferred tactic. There is no damage to the data held by the organisations affected per se, although there is a loss of service and a potential effect to their reputation."
News site Torrentfreak said dozens of its visitors had contacted it with concerns that their use of Demonoid might now become exposed, revealing they had uploaded and downloaded copyrighted files.
But the site's editor played down the threat.
"I think it is highly unlikely they will pursue more than a handful of users if any at all," Ernesto van der Sar told the BBC.
"Doing so would be very work intensive - some people have used their email addresses, but the authorities would still have to file complaints, check the evidence is in order and then chase people in court.
"In previous instances - such as the case against UK-based BitTorrent tracker Oink - we have seen that users who uploaded the most high profile content were targeted, but I can't see them pursuing hundreds of thousands of users."