Multinational operation led FBI Drop the bots qakbot. The network of infected computers has been linked to more than 40 cyberattacks. ransomwareWhich affected companies, health institutions and government agencies. It is estimated that these damages were caused during the past eighteen months by about $58 million.
Qakbot has infected more than 700,000 computers, of which more than 200,000 are in the United States alone. Over the years, the network (also known as Qbot and Pinkslipbot) has served as the initial infection vector for many ransomware gangs.
Among these groups are REvil, which invaded JBS, RansomExx, responsible for attacks on the Supreme Court of Justice (STJ), Embraer and the National Treasury. Other gangs associated with the vault are Conti, ProLock, Egregor, MegaCortex, and Black Basta.
“This botnet has provided cybercriminals like these with a command-and-control infrastructure, with hundreds of thousands of computers used to launch attacks against individuals and businesses around the world,” said FBI Director Christopher Wray.
The FBI infiltrated the botnet to destroy it
To dismantle the network, the FBI infiltrated parts of its infrastructure, including one of the computers used by the botnet administrator.
There, the US agents found files related to the operation, such as conversations between officials and virtual wallet files.
It may sound implausible, but there was also a file called “Payments.txt”, containing a list of ransomware victims, the group responsible, systems details, dates, and an indication of how much bitcoin was paid for the botnet’s services.
The FBI redirected Qakbot’s traffic to servers controlled by the agency. Thus, the authorities got the necessary access to use the uninstaller and release the compromised devices.
This process occurred silently, but the FBI informed the victims using IP data and routing information obtained from the infected devices themselves.
Qakbot has gone from scam to ransomware over the course of 15 years
Qakbot started as a banking Trojan in 2008. It has been used to steal login data, cookies, and credit card information to commit financial fraud.
Over the years, it has become a malware delivery service. Thus, it has made networks accessible for ransomware attacks, data theft, and other criminal activities.
The network was formed by infecting computers through phishing campaigns in various formats, including breaking into email accounts and responding to conversations using infected documents.
When a computer is infected, malware is injected into the memory of a legitimate Windows process. It can be used to steal victim information including emails for future phishing campaigns.
In addition to the FBI, French, German, Dutch, British, Romanian and Latvian authorities were involved in the work.
How do you know if you are a victim of Qabot?
In addition to FBI notifications, there are two ways to find out if you’ve been a victim of a botnet.
One of them is access to the site Have been pwned and submit your email. The service is reporting information leaks and has details about Qakbot attacks.
The other is to submit your email to Dutch National Police. If your address is found in campaigns related to vaults, you will receive a message.
Informative: sleeping computer 1, two
More Stories
A South African YouTuber is bitten by a green mamba and dies after spending a month in a coma
A reptile expert dies after a snake bite
Maduro recalls his ambassador to Brazil in a move to disavow him and expand the crisis