
FBI operation tricked thousands of computers infected by Qakbot into uninstalling the malware

A U.S. government operation has dismantled the infrastructure of the infamous Qakbot malware, which officials say caused “hundreds of millions” of dollars of damage worldwide.

In an announcement on Tuesday, the FBI said that it had successfully “disrupted and dismantled” the Qakbot malware, and had identified more than 700,000 infected computers worldwide, including more than 200,000 in the United States.

The Department of Justice also announced the seizure of more than $8.6 million in cryptocurrency from the Qakbot cybercriminal group, which will now be made available to victims.

The operation, which was carried out in partnership with law enforcement agencies in France, Germany, the Netherlands, Romania, Latvia and the UK, is described as the largest U.S.-led financial and technical disruption of a botnet infrastructure leveraged by cybercriminals to commit ransomware, financial fraud and other cyber-enabled criminal activity.

To dismantle the botnet, the FBI gained lawful access to Qakbot’s infrastructure and redirected Qakbot traffic to FBI-controlled servers, which instructed infected computers to download an uninstaller file. This uninstaller was created by law enforcement to untether the victims’ computers from the Qakbot botnet, preventing further installation of malware through Qakbot.


During this operation, named “Operation Duck Hunt,” the FBI said it recovered the stolen credentials, including email addresses and passwords, of more than 6.5 million victims, adding that its international partners identified “millions more.”

The FBI also announced the seizure of 52 servers, which it said would “completely dismantle” the botnet.

Qakbot, also known as “QBot” and “QuakBot,” was first detected in 2008, making it one of the longest-running botnets. The malware, which first emerged as a banking trojan, infects devices primarily through phishing emails containing malicious links or attachments. Once a target taps the link or downloads the attachment, Qakbot would deploy additional malware to their computer to become part of a botnet network that could be controlled remotely.

In recent years, Qakbot became the botnet of choice for some of the most notorious ransomware gangs, including Conti, ProLock, Egregor, REvil, MegaCortex and Black Basta.


According to today’s announcement, these victims include a power engineering firm based in Illinois; financial services organizations based in Alabama, Kansas and Maryland; a defense manufacturer based in Maryland; and a food distribution company in Southern California.

The U.S. State Department’s Rewards for Justice program has announced rewards of up to $10 million for information leading to the identification of Qakbot operators.
