The US government, in collaboration with international partners, has successfully dismantled a massive network of computers infected with Qakbot, one of the world’s most notorious malware families. This multinational effort, led by the US, has resulted in the takedown of malware that had infected over 700,000 computers worldwide, according to the Federal Bureau of Investigation (FBI).
Qakbot is typically distributed by hackers through spam emails containing malicious attachments or links. Once a victim downloads the attachment or clicks the link, their computer becomes infected with Qakbot, which then becomes part of a botnet – a network of infected computers controlled remotely by hackers. Once the hackers gain control, they can deploy additional malware, such as ransomware, onto the compromised devices.
To dismantle the Qakbot network, the FBI rerouted the botnet’s traffic through FBI-controlled servers. The infected computers in the US and other parts of the world were directed to download software that effectively uninstalled the Qakbot malware. Furthermore, the operation separated the infected computers from the botnet, preventing further malware installations through Qakbot. However, it is important to note that this action only addressed the malware installed by Qakbot and did not extend to eliminating other malware already present on the victims’ computers, as highlighted by the Department of Justice (DOJ).
The multinational effort, codenamed Operation “Duck Hunt,” involved cooperation between the US, Europol, France, Germany, the Netherlands, the UK, Romania, and Latvia. In the US alone, the botnet was responsible for infecting more than 200,000 computers and causing hundreds of millions of dollars in damages. Qakbot, first discovered in 2008, has been utilized by various prolific ransomware groups throughout the years, including Conti, REvil, and MegaCortex. As part of the operation, the DOJ seized $8.6 million worth of extorted funds in cryptocurrency associated with the botnet’s activities.
In a statement, US Attorney Martin Estrada acknowledges the success of the international partnership in dismantling Qakbot, hailing it as a significant breakthrough that will result in substantial losses to cybercriminals. He notes that Qakbot was the preferred botnet for many notorious ransomware gangs, but it has now been neutralized.
To help affected individuals assess the impact of the Qakbot takedown, the FBI has shared compromised credentials discovered during the operation with the website Have I Been Pwned. By entering their email address on the site, users can check if their credentials were compromised. Additionally, the Dutch National Police has added the affected credentials to its Check Your Hack site, providing another resource for individuals to verify if their information was compromised.
The successful takedown of Qakbot demonstrates the effectiveness of international collaboration and law enforcement efforts in combating cybercrime. It highlights the importance of proactive measures to protect computer systems, including maintaining updated security software, exercising caution when opening email attachments or clicking on links, and regularly monitoring for any signs of compromise.
While the dismantling of Qakbot is a significant achievement, it is crucial to remain vigilant and continue to implement robust cybersecurity practices to mitigate the risk of falling victim to other malware attacks. Ongoing education, awareness, and investment in cybersecurity measures are paramount to safeguarding individuals, businesses, and governments from the ever-evolving threats posed by cybercriminals.