FBI, DOJ disrupt large botnet linked to millions of dollars in ransomware losses

A global law enforcement operation took down the Qakbot botnet and related malware that has been associated with numerous cyberattacks and nearly $60 million in losses from victims around the world, the U.S. Department of Justice announced Tuesday.
The operation, which included the FBI, DOJ and authorities in France, Germany, the Netherlands, Romania, Latvia and the United Kingdom, is “one of the largest U.S.-led disruptions of a botnet infrastructure” used by criminals to facilitate ransomware, financial fraud and other cyber-enabled criminal activity, the FBI said in a statement.
Qakbot, also known as Qbot or Pinkslipbot, is malware first detected in 2008 that has been linked to hundreds of millions of dollars in losses to individuals and businesses in the U.S. and around the world, according to the FBI. The malware has served as an initial access mechanism for a variety of ransomware groups over the years. Groups such as Conti, ProLock, Egregor, REvil, MegaCortex and Black Basta have been known to use it. Between October 2021 and April 2023, the FBI said, Qakbot administrators received fees corresponding to approximately $58 million in ransoms paid by victims.
As part of “Operation Duck Hunt,” the FBI said it gained access to 700,000 computers worldwide, including 200,000 in the U.S., that were infected with Qakbot, and redirected botnet traffic “to and through servers controlled by the FBI.” Those servers “in turn instructed infected computers in the United States and elsewhere to download a file created by law enforcement that would uninstall the Qakbot malware. This uninstaller was designed to untether the victim computer from the Qakbot botnet, preventing further installation of malware through Qakbot,” the FBI said in its statement.
The operation was “limited to information installed on the victim computers by the Qakbot actors” and “did not extend to remediating other malware already installed on the victim computers and did not involve access to or modification of the information of the owners and users of the infected computers,” the agency said.
The operation is just the latest in a string of proactive law enforcement actions to combat cybercrime in which the DOJ prioritizes disruption over arrests. The Department also announced on Tuesday the seizure of more than $8.6 million in cryptocurrency in illicit profits related to the botnet and malware operation.
“The FBI neutralized this far-reaching criminal supply chain, cutting it off at the knees,” FBI Director Christopher Wray said in a prepared statement. “The victims ranged from financial institutions on the East Coast to a critical infrastructure government contractor in the Midwest to a medical device manufacturer on the West Coast.”
“Qakbot was a significant adversary that represented a serious threat to businesses around the world. Engineered for eCrime, Qakbot infections led to the deployment of some of the most sophisticated and damaging ransomware,” said Don Smith, the vice president of the Secureworks Counter Threat Unit. “Qakbot has evolved over time to become a flexible part of the criminal’s arsenal. Its removal is to be welcomed.”