FBI operation tricked hundreds of computers infected by Qakbot into uninstalling the malware

A U.S. government operation has dismantled the infrastructure of the notorious Qakbot malware, which officials say caused “hundreds of millions” of dollars of damage worldwide.

In an announcement on Tuesday, the FBI said that it had successfully “disrupted and dismantled” the Qakbot malware, and had identified more than 700,000 infected computers worldwide — including more than 200,000 in the United States.

The Department of Justice also announced the seizure of more than $8.6 million in cryptocurrency from the Qakbot cybercriminal group, which will now be made available to victims.

The operation, which was carried out in partnership with law enforcement agencies in France, Germany, the Netherlands, Romania, Latvia, and the UK, is described as the largest U.S.-led financial and technical disruption of a botnet infrastructure leveraged by cybercriminals to commit ransomware, financial fraud, and other cyber-enabled criminal activity.

To dismantle the botnet, the FBI gained lawful access to Qakbot’s infrastructure and redirected Qakbot traffic to FBI-controlled servers, which instructed infected computers to download an uninstaller file. This uninstaller was created by law enforcement to untether the victims’ computers from the Qakbot botnet, preventing further installation of malware through Qakbot.

During this operation, named “Operation Duck Hunt,” the FBI said it recovered the stolen credentials — including email addresses and passwords — of more than 6.5 million victims, adding that its international partners identified “millions more”.

Qakbot, also known as “QBot” and “QuakBot,” was first detected in 2007, and has recently become the botnet of choice for some of the most notorious ransomware gangs, including Conti, ProLock, Egregor, REvil, MegaCortex, and Black Basta.

These ransomware gangs received roughly $58 million in ransom payments between October 2021 and April 2023, according to the FBI, and racked up numerous victims, including healthcare providers and government agencies.

According to today’s announcement, these victims include a power engineering firm based in Illinois; financial services organizations based in Alabama, Kansas, and Maryland; a defense manufacturer based in Maryland; and a food distribution company in Southern California.

More to come…

