FBI dismantles Qakbot network used in major ransomware attacks

U.S. authorities on Tuesday announced a multinational operation that they said took down a network that had infected hundreds of thousands of computers with malware and caused hundreds of millions of dollars in damages from cyberattacks worldwide.

The FBI called the action that disabled the notorious Qakbot malware “one of the largest U.S.-led disruptions of a botnet infrastructure used by cybercriminals to commit ransomware, financial fraud, and other cyber-enabled criminal activity.” The Justice Department said law enforcement agencies in France, Germany, the Netherlands, the UK, Romania and Latvia also participated in the operation, which it said was code-named “Duck Hunt.”

Some $8.6 million in stolen cryptocurrency related to the network’s operations also was seized and will be returned to victims, the FBI said.

“The FBI neutralized this far-reaching criminal supply chain, cutting it off at the knees,” FBI Director Christopher A. Wray said in a statement.

Qakbot, first discovered in 2008, has typically targeted victims’ computers through spam email messages containing malicious links or attachments. Victim machines would then become another link in the network, surreptitiously under the control of those seeking to use the network for cybercrime. Some 700,000 victims have been identified worldwide, with 200,000 of them in the United States, according to the Justice Department.

The botnet enabled the operations of a number of high-profile ransomware groups, including Conti and REvil, that targeted organizations such as hospitals, schools and municipal governments, holding their sensitive data hostage in exchange for a ransom payment. Victims have included a power engineering firm based in Illinois, a financial services company in Alabama and a food distribution company in California, according to authorities, who added that Qakbot administrators received about $58 million in ransoms paid by victims between October 2021 and April 2023.

The FBI said it disabled the infrastructure by tricking computers infected with the malware into distributing and downloading a file created to direct computers to uninstall the malware and untether themselves from the botnet.

Affected victims would not know that the uninstall mechanism was active, according to senior FBI and Justice Department officials who spoke on the condition of anonymity to provide reporters with details about the operation.

The senior officials declined to comment on whether the Qakbot network was linked to any one country. The FBI did not announce any arrests and said the investigation into who was behind the network is ongoing.
