The Justice Department has spearheaded a multinational operation to dismantle the notorious Qakbot botnet and malware.
The operation involved collaboration from countries including the United States, France, Germany, the Netherlands, the United Kingdom, Romania, and Latvia. This marks the largest U.S.-led disruption of a botnet infrastructure used for ransomware, financial fraud, and other cybercrimes.
"Cybercriminals who rely on malware like Qakbot to steal private data from innocent victims have been reminded today that they do not operate outside the bounds of the law," said Attorney General Merrick B. Garland. "Together with our international partners, the Justice Department has hacked Qakbot's infrastructure, launched an aggressive campaign to uninstall the malware from victim computers in the United States and around the world, and seized $8.6 million in extorted funds."
The Qakbot malware is part of a botnet, a network of compromised computers controlled remotely by perpetrators. The owners of the infected computers are typically unaware of the infection. The FBI's actions are designed to untether these computers from the Qakbot botnet, preventing further malware installations.
The malware has been responsible for infecting more than 700,000 computers worldwide and facilitating ransomware deployments. It has caused hundreds of millions of dollars in damage. The malware primarily spreads through spam emails and can deliver additional malware, including ransomware, once it infects a computer.
Qakbot has been the initial means of infection for many high-profile ransomware groups, including Conti, ProLock, Egregor, REvil, MegaCortex, and Black Basta. These groups have targeted critical industries worldwide, causing significant harm to businesses, healthcare providers, and government agencies. The operation has led to the seizure of almost $9 million in cryptocurrency from the Qakbot cybercriminal organization.
The law enforcement efforts focused solely on eradicating the Qakbot malware from affected computers. They did not address other types of malware that might be present, nor did they access or alter any personal data stored on these computers.
The FBI gained access to Qakbot infrastructure and identified over 700,000 infected computers worldwide. To further disrupt the botnet, the FBI redirected the botnet's traffic through FBI-controlled servers, which then instructed the infected computers to download a file that would uninstall the Qakbot malware.
Qakbot (also known as Qbot or Pinkslipbot) is a type of malware that primarily targets Windows operating systems. It is often distributed via spam emails containing malicious attachments or hyperlinks. Once installed on a victim's computer, Qakbot can perform a variety of malicious activities, including:
Qakbot is notorious for its ability to evade detection and removal, making it a persistent threat. It has been responsible for significant financial losses and data breaches, affecting individuals, businesses, and even government agencies.