FBI operation tricked thousands of computers infected by Qakbot into uninstalling the malware

A U.S. government operation has dismantled the infrastructure of the infamous Qakbot malware, which officials say caused “hundreds of millions” of dollars of damage worldwide.

In an announcement on Tuesday, the FBI said that it had successfully “disrupted and dismantled” the Qakbot malware, and had identified more than 700,000 infected computers worldwide — including more than 200,000 in the United States.

The Department of Justice also announced the seizure of more than $8.6 million in cryptocurrency from the Qakbot cybercriminal group, which will now be made available to victims.

The operation, which was carried out in partnership with law enforcement agencies in France, Germany, the Netherlands, Romania, Latvia, and the UK, is described as the largest U.S.-led financial and technical disruption of a botnet infrastructure leveraged by cybercriminals to commit ransomware, financial fraud, and other cyber-enabled criminal activity.

To dismantle the botnet, the FBI gained lawful access to Qakbot’s infrastructure and redirected Qakbot traffic to FBI-controlled servers, which instructed infected computers to download an uninstaller file. This uninstaller was created by law enforcement to untether the victims’ computers from the Qakbot botnet, preventing further installation of malware by Qakbot.

During this operation, named “Operation Duck Hunt,” the FBI said it recovered the stolen credentials — including email addresses and passwords — of more than 6.5 million victims, adding that its international partners identified “millions more”.

Qakbot, also known as “QBot” and “QuakBot,” was first detected in 2007, and has recently become the botnet of choice for some of the most notorious ransomware gangs, including Conti, ProLock, Egregor, REvil, MegaCortex, and Black Basta.

These ransomware gangs received approximately $58 million in ransom payments between October 2021 and April 2023, according to the FBI, and racked up numerous victims, including healthcare providers and government agencies.

According to today’s announcement, these victims include a power engineering firm based in Illinois; financial services organizations based in Alabama, Kansas, and Maryland; a defense manufacturer based in Maryland; and a food distribution company in Southern California.

More to come…
