US investigators say they’ve dealt a serious blow to the ransomware scourge by taking down a notorious botnet known as Qakbot.
On Tuesday, the Justice Department and FBI announced they had dismantled Qakbot by securing a search warrant to essentially hijack the servers that controlled the botnet. Federal agents then forced the botnet to circulate an uninstaller to thousands of computers infected with Qakbot, removing the malicious program.
During their investigation, federal agents observed Qakbot controlling 700,000 infected computers, about 200,000 of which were based in the US.
Qakbot, also known as Qbot, began as a Windows-based Trojan designed to steal access to users’ bank account information when it was first spotted around 2008. It typically spreads through malicious attachments in phishing emails.
The malware was also designed to form a botnet, or an army of infected computers, capable of receiving commands from hacker-controlled servers. As a result, the creators of Qakbot were able to sell access to their infected computers to other cybercriminal groups.
The cybercriminal groups could then steal data from the infected computers or launch ransomware on them. US investigators and security researchers have linked Qakbot to several ransomware gangs including Conti, Black Basta, Royal, REvil, and LockBit, among others. In return, the unknown operators of Qakbot pulled in fees linked to about $58 million in ransoms paid by victims. Meanwhile, total victim losses from the botnet's activities are likely in the hundreds of millions of dollars.
“Qakbot was the botnet of choice for some of the most infamous ransomware gangs, but we have now taken it out,” US Attorney Martin Estrada said in the