FBI operation tricked thousands of computers infected by Qakbot into uninstalling the malware


Share post:

A U.S. government operation has dismantled the infrastructure of the notorious Qakbot malware, which officials say caused “hundreds of millions” of dollars of damage worldwide.

In an announcement on Tuesday, the FBI said that it had successfully “disrupted and dismantled” the Qakbot malware, and had identified more than 700,000 infected computers worldwide — including more than 200,000 in the United States.

The Department of Justice also announced the seizure of more than $8.6 million in cryptocurrency from the Qakbot cybercriminal organization, which will now be made available to victims.

The operation, which was carried out in partnership with law enforcement agencies in France, Germany, the Netherlands, Romania, Latvia and the United Kingdom, is described as the largest U.S.-led financial and technical disruption of a botnet infrastructure leveraged by cybercriminals to commit ransomware, financial fraud and other cyber-enabled criminal activity.

To dismantle the botnet, the FBI gained lawful access to Qakbot’s infrastructure and redirected Qakbot traffic to FBI-controlled servers, which instructed infected computers to download an uninstaller file. This uninstaller was created by law enforcement to untether the victims’ computers from the Qakbot botnet, preventing further installation of malware through Qakbot.

During this operation, named “Operation Duck Hunt,” the FBI said it recovered the stolen credentials — including email addresses and passwords — of more than 6.5 million victims, adding that its international partners identified “millions more.”

The FBI also announced the seizure of 52 servers, which it said would “permanently dismantle” the botnet.

Qakbot, also known as “QBot” and “QuakBot,” was first detected in 2008, making it one of the longest-running botnets. The malware, which first emerged as a banking trojan, infects devices primarily through phishing emails containing malicious links or attachments. Once a target taps the link or downloads the attachment, Qakbot would deploy additional malware to their computer to become part of a botnet network that could be controlled remotely.

In recent years, Qakbot become the botnet of choice for some of the most infamous ransomware gangs, including Conti, ProLock, Egregor, REvil, MegaCortex and Black Basta

These ransomware gangs received approximately $58 million in ransom payments in the last 18 months alone, according to the FBI, and combined racked up more than 40 victims, including healthcare providers and government agencies.

According to today’s announcement, these victims include a power engineering firm based in Illinois; financial services organizations based in Alabama, Kansas and Maryland; a defense manufacturer based in Maryland; and a food distribution company in Southern California.

The U.S. State Department’s Rewards for Justice program has announced rewards of up to $10 million for information leading to the identification of Qakbot operators.

Read more on TechCrunch:

Source link

Lisa Holden
Lisa Holden
Lisa Holden is a news writer for LinkDaddy News. She writes health, sport, tech, and more. Some of her favorite topics include the latest trends in fitness and wellness, the best ways to use technology to improve your life, and the latest developments in medical research.

Recent posts

Related articles

Sources: Palo Alto in advanced talks to buy Talon and Dig in a $1B security sweep

Palo Alto Networks’ stock price has been on the rise on the back of strong earnings and...

OpenAI is reportedly raising funds at a valuation of $80 billion to $90 billion

OpenAI is in discussions to possibly sell shares in a move that would boost the company’s valuation...

YouTube relaxes advertiser-friendly guidelines around controversial topics, like abortion, abuse and eating disorders

YouTube today announced an update to its advertiser-friendly guidelines that relaxes some of its rules around controversial...

FCC announces plans to reinstate net neutrality

Net neutrality is back on the menu, citizens. After a long, long battle ending in eventual defeat...

Sierra Space raises $290M at a $5.3B valuation

Sierra Space has raised $290 million in a Series B round to scale its Dream Chaser spaceplane...

TechCrunch+ Roundup: Slashing SaaS costs, FedNow’s ‘game changer,’ diverse cap tables

Software is a company’s third-largest expense, but because it’s spread across multiple departments, it’s the CFO’s responsibility...

Bootstrapping is cool once again

Bootstrapping, or funding your own company, has long been the first route many founders take when they...

Alchemist Accelerator’s latest startups range from sneakernet for energy to solar panel cleaning bots

This morning is Alchemist Accelerator’s demo day, and there are 22 companies making their debut across a...