US Government Leads Global Effort to Dismantle Qakbot Malware Network

The US government has just assisted in the destruction of a vast network of computers infected with one of the world’s most infamous pieces of malware. According to the FBI, a multinational operation led by the United States shut down Qakbot, a piece of spyware that infiltrated over 700,000 machines worldwide.

Qakbot is generally used by hackers to target victims by sending spam emails containing malicious attachments or URLs. Qakbot infects a victim’s computer as soon as they download the attachment or click the link, and their computer becomes part of a botnet — a network of infected computers controlled remotely by hackers. From there, unscrupulous actors can install further software, such as ransomware, on their victims’ devices.

To bring the network down, the FBI routed Qakbot traffic through FBI-controlled servers, instructing infected computers in the United States and overseas to download software that uninstalled the Qakbot malware. That software also disconnected affected PCs from the botnet, “preventing further malware installation via Qakbot.” The activity, as stated by the DOJ, was restricted to the malware installed by Qakbot actors and “did not extend to remediating other malware already installed on the victim computers.”

In addition to the United States, Operation “Duck Hunt” included Europol, France, Germany, the Netherlands, the United Kingdom, Romania, and Latvia. According to the US, the botnet caused hundreds of millions of dollars in harm and infected over 200,000 machines in the country. Qakbot has been around since 2008 and has previously been used by various successful ransomware gangs, including Conti, REvil, MegaCortex, and others. The DOJ seized $8.6 million in extorted payments in cryptocurrency as part of the operation.

“An international partnership led by the Justice Department and the FBI has resulted in the dismantling of Qakbot, one of the most notorious botnets ever, responsible for massive losses to victims around the world,” said US Attorney Martin Estrada in a statement. “Qakbot was the botnet of choice for some of the most infamous ransomware gangs, but we have now taken it out.” Source: justice.gov

The FBI has since given the compromised credentials discovered during the investigation to Have I Been Pwned, allowing you to enter your email address to see if you were affected. The Dutch National Police has also updated its Check Your Hack website to include compromised credentials.

Keywords: malware, ransomware, qakbot
