Feds take down botnet linked to ransomware attacks
LOS ANGELES (CN) — The Justice Department said on Tuesday that it has taken down a so-called botnet that was responsible for dozens of ransomware attacks in the past 18 months alone and caused tens of millions of dollars in losses.
The Justice Department called the dismantling of Qakbot, as the malware network is known, its most significant technical and financial operation against a botnet.
"This was an unprecedented operation of worldwide scope, led by the FBI and the Department of Justice but also in collaboration with partners throughout the world, including law enforcement partners in France, the United Kingdom, Germany, the Netherlands, Romania and Latvia," Central District of California U.S. Attorney Martin Estrada said at a news conference in Los Angeles.
Estrada said the investigation is ongoing and declined to name any individuals that could face criminal charges for operating the botnet.
Qakbot was the botnet of choice for some of the most infamous and prolific ransomware gangs, which paid the Qakbot operators a fee, according to the government. Using phishing emails, Qakbot would infect corporate and institutional computer networks with malware that would allow these cybercriminals to take over the victims' networks until they paid a ransom in cryptocurrency to regain control.
The ransomware groups targeted businesses, healthcare providers and government agencies all over the world, including a power engineering firm in Illinois; financial services organizations in Alabama, Kansas, and Maryland; a defense manufacturer in Maryland; and a food distribution company in Southern California.
Between October 2021 and April 2023, Qakbot administrators received fees of about $58 million in ransoms paid by victims, according to the Justice Department.
As part of the takedown, the FBI gained access to the Qakbot infrastructure and identified more than 700,000 computers worldwide, including over 200,000 in the United States, that appeared to have been infected with Qakbot.
The FBI redirected the Qakbot communications through servers controlled by the agency, which then instructed the infected computers to download a file, per a search warrant, to uninstall the Qakbot malware. The uninstaller was designed to untether the victim computer from the Qakbot botnet, preventing further installation of malware through Qakbot, the government said.
As part of the takedown, the U.S. and law enforcement in other countries have seized 52 of Qakbot's servers around the world, which will prevent the organization from resuming its operations, Estrada said.
The government also recovered more than $8.6 million in cryptocurrency in illicit profits.