The FBI dismantles the notorious “Qakbot” cyber network that utilized 700,000 infected machines throughout the world to steal hundreds of millions from unwitting targets in ransomware and bank fraud attacks.
The FBI announced the destruction of the notorious “Qakbot” malware botnet on Tuesday.
To bring down the network, the feds routed botnet communications through FBI servers.
To find out if Qakbot has infected your computer, you can look it up in a Dutch Police database.
For Dailymail.com, by Keith Griffith
Updated: 15:27, August 29, 2023 EDT
The FBI has announced an operation to take down the notorious ‘Qakbot’ malware network, which is frequently used by hackers involved in stealing millions from unwary victims.
According to officials, the Qakbot malware infected more than 700,000 machines worldwide and was used to carry out financial fraud and ransomware attacks. Qakbot, which is said to have its roots in Russia more than ten years ago, is frequently spread by booby-trapped emails that infect devices and enlist them into the network without their owners' knowledge.
The FBI was able to remotely remove the Qakbot malware from victim devices, untethering them from the botnet, by following the hacker playbook and secretly rerouting the network’s traffic through government-controlled servers.
The malware remover ran without informing victims, according to a senior FBI official who spoke to DailyMail.com, but those who believe they were affected by Qakbot can check a database kept by the Dutch National Police to determine if they were at risk.
According to DOJ and FBI authorities, 200,000 of the botnet’s 700,000 infected computers were located in the United States. The senior FBI official said that “nothing in the computer’s hard drive is touched, either to be erased or read,” and that the malware uninstaller tool was approved by a judge and had a very limited reach.
So none of the victim’s private information on the computer will be available through that method, the official continued. The Justice Department also said that more than $8.6 million in cryptocurrency from illicit botnet revenues was seized. Officials from the FBI and DOJ stated that no arrests related to the operation were being made public.
Officials highlighted that since its establishment in 2008, Qakbot malware has been used in ransomware attacks and other cybercrimes that have cost people and organizations hundreds of millions of dollars.
In essence, Qakbot served the hacker community by renting out access to compromised computers or providing an infrastructure of infected machines that could be used to launch attacks.
According to authorities, a number of well-known ransomware gangs, including Conti, ProLock, Egregor, REvil, MegaCortex, and Black Basta, have recently used Qakbot as an initial point of infection.
The ransomware gangs then demand ransom payments from their victims in bitcoin or other cryptocurrencies in exchange for restoring access to the victims' encrypted computer networks.
A power engineering company based in Illinois, financial services firms in Alabama, Kansas, and Maryland, a defense manufacturer based in Maryland, and a food distribution firm in Southern California were among the victims of Qakbot. Investigators and prosecutors from the US Attorney’s Office in Los Angeles were in charge of the “Operation Duck Hunt” takedown.
Authorities from France, Germany, the Netherlands, the United Kingdom, Romania, Latvia, and other countries also participated in the operation. According to the FBI, it diverted Qakbot traffic to FBI-managed servers that prompted affected computers to download an uninstaller file in order to disable the botnet. This uninstaller, which was designed expressly to stop the spread of malware, detached the Qakbot virus from infected PCs.
According to a statement by FBI Director Christopher Wray, “The FBI neutralized this far-reaching criminal supply chain, cutting it off at the knees.”
He continued, “The victims included financial institutions on the East Coast, a Midwest government contractor working on essential infrastructure, and a West Coast maker of medical devices.”
There are two ways for potential victims to determine whether Qakbot has compromised their devices. In addition to the Dutch police website, the FBI has joined with the website Have I Been Pwned?, where people can check whether their credentials were compromised.