FBI-Led Global Effort Takes Down Massive Qakbot Botnet



A multinational action called Operation “Duck Hunt” — led by the FBI, the Department of Justice, the National Cybersecurity Alliance, Europol, and crime officials in France, Germany, the Netherlands, Romania, Latvia and the U.K. — was able to gain access to the Qakbot network and shut down the malicious botnet, which has affected 700,000 computers worldwide.


Qakbot nets nearly $58 million in ransom in just 18 months

Over the course of its more than 15-year campaign, Qakbot (aka Qbot and Pinkslipbot) has launched some 40 worldwide ransomware attacks focused on companies, governments and healthcare operations, affecting some 700,000 computers. Like almost all ransomware attacks, Qakbot hit victims through spam emails with malicious links, according to the Justice Department. The DOJ noted that over just the past year and a half, Qakbot has caused nearly $58 million in damages. As part of the action against Qakbot, the DOJ seized approximately $8.6 million in illicit profits in the form of cryptocurrency (here’s the department’s seizure warrant).

According to the DOJ, the action represented the largest U.S.-led financial and technical disruption of a botnet infrastructure leveraged by cybercriminals to commit ransomware, financial fraud and other cyber-enabled criminal activities.

“Cybercriminals who rely on malware like Qakbot to steal private data from innocent victims have been reminded today that they do not operate outside the bounds of the law,” said Attorney General Merrick B. Garland in a statement.


FBI Director Christopher Wray said on the FBI’s website that the victims ranged from financial institutions on the East Coast to a critical infrastructure government contractor in the Midwest to a medical device manufacturer on the West Coast.

FBI injects computers with uninstaller file to dislodge Qakbot

The FBI said that, as part of the operation, it gained access to Qakbot’s infrastructure and identified hundreds of thousands of infected computers worldwide, including more than 200,000 in the U.S. As part of the action, the Bureau…
