The FBI and the Justice Department (DoJ) said on Aug. 29 that they have successfully disrupted and dismantled the malware and botnet known as Qakbot, which has been responsible for hundreds of millions of dollars in losses to individuals and businesses.
The international cyber takedown – which took place in the United States, France, Germany, the Netherlands, Romania, Latvia, and the United Kingdom – is one of the largest U.S.-led disruptions of a botnet infrastructure, the FBI said.
“Cybercriminals who rely on malware like Qakbot to steal private data from innocent victims have been reminded today that they do not operate outside the bounds of the law,” Attorney General Merrick B. Garland said in a press release. “Together with our international partners, the Justice Department has hacked Qakbot’s infrastructure, launched an aggressive campaign to uninstall the malware from victim computers in the United States and around the world, and seized $8.6 million in extorted funds.”
The Qakbot malware, also known as “Qbot” or “Pinkslipbot,” targeted critical industries worldwide, infecting victim computers primarily through spam emails that contained malicious links or attachments.
After a user clicked on or downloaded the content, Qakbot delivered additional malware – including ransomware – to their computer. The computer also became part of a botnet, a network of hijacked computers that could be controlled remotely.
The FBI was able to disrupt the botnet by redirecting Qakbot traffic to FBI-controlled servers that instructed infected computers to download an uninstaller file. This file was created to remove the Qakbot malware and prevent the installation of any additional malware.
The FBI identified over 700,000 computers worldwide – including more than 200,000 in the United States – that were infected with Qakbot.
“The FBI neutralized this far-reaching criminal supply chain, cutting it off at the knees,” FBI Director Christopher Wray said in a separate release. “The victims ranged from financial institutions on the East Coast to a critical infrastructure government contractor in the Midwest to a medical device manufacturer on the West Coast.”
“All of this was made possible by the dedicated work of FBI Los Angeles, our Cyber Division at FBI Headquarters, and our partners, both here at home and overseas,” Wray added. “The cyber threat facing our nation is growing more dangerous and complex every day. But our success proves that our own network and our own capabilities are more powerful.”