The FBI has taken down Qakbot, one of the largest and longest-running botnets to date. The botnet was used by ransomware gangs to infect over 700,000 computers worldwide, causing hundreds of millions of dollars in damage.
The FBI was able to take down Qakbot by infiltrating the botnet’s infrastructure and redirecting its traffic to servers controlled by the agency. This allowed the FBI to deploy an uninstaller to compromised devices, clearing the infection and preventing the deployment of additional malicious payloads.
Qakbot, which was run by an organized group of hackers, targeted essential infrastructure and businesses in many nations, collecting financial information and login credentials.
The multinational inquiry, which was also funded by Eurojust, included judicial and law enforcement officials from France, Germany, Latvia, the Netherlands, Romania, the United Kingdom, and the United States. The operation was dubbed “Duck Hunt,” and it took control of servers used for the botnet.
According to Martin Estrada, a U.S. attorney, this operation is the biggest one led by the DOJ against a botnet. Qakbot has been involved in 40 ransomware attacks in the last 18 months, costing victims over $58 million. Qakbot, which started as a banking trojan in 2007, has since grown into sophisticated malware used by cybercriminal groups to prepare compromised networks for ransomware.
It is commonly spread through phishing emails posing as legitimate documents. Federal investigators accessed an online panel that let them control the botnet and obtained court orders to remove Qakbot from infected systems, which numbered over 700,000 in the past year, including 200,000 in the U.S.
The FBI also seized almost $9 million in cryptocurrency from the Qakbot cybercriminal organization. This money will be made available to victims of ransomware attacks.
The sources for this piece include an article in BleepingComputer.