By Nathaniel Percy, Southern California News Group
Federal law enforcement officers have disrupted a malware known as Qakbot, a computer code used by cybercriminals to commit ransomware, financial fraud and other cyber crimes leading to massive losses worldwide, they announced on Tuesday, Aug. 29.
The Qakbot malware infected more than 700,000 victim computers, federal authorities said, before its infrastructure was taken down. The malware was being deleted from those computers, preventing it from doing more harm.
The Department of Justice said authorities had seized more than $8.6 million in cryptocurrency in illicit profits.
It’s the largest United States-led financial and technical disruption of a botnet infrastructure used by cybercriminals, according to the Department of Justice. The operation also involved actions in France, Germany, the Netherlands, the United Kingdom, Romania and Latvia.
“An international partnership led by the Justice Department and the FBI has resulted in the dismantling of Qakbot, one of the most notorious botnets ever, responsible for massive losses to victims around the world,” U.S. Attorney Martin Estrada said.
Qakbot, controlled by a cybercriminal group, was used to target critical industries nationwide by sending spam email messages containing malicious attachments or hyperlinks, U.S. Attorney spokesman Thom Mrozek said.
Qakbot can then deliver additional malware, including ransomware, used to seek payments in bitcoin before returning access to the victim’s computer networks, Mrozek said.
Once a victim computer is infected, it becomes part of a botnet, or robot network. Cybercriminals then have remote access to all of the infected computers in a coordinated manner, Mrozek said.
Owners and operators of the victim computers are typically unaware of the infection.
In the past year, criminals not yet tied to Qakbot attacked computers of the San Bernardino County Sheriff’s Department, the Los Angeles Unified School District and hospitals run by Prospect Medical Holdings, “and by doing that, shut down emergency rooms and medical facilities throughout the country,” Estrada said.
From October 2021 to April 2023, evidence collected by investigators shows Qakbot administrators received $58 million in ransoms, Mrozek said.
In what was named “Operation Duck Hunt,” beginning Friday, law enforcement gained access to the Qakbot botnet, redirected botnet traffic to and through servers controlled by law enforcement and instructed operators of infected computers to download a Qakbot “uninstall” file that disconnected the victim computer from the botnet, federal authorities said.
They identified more than 200,000 infected computers in the United States, Mrozek said. These victims included a power engineering firm in Illinois, financial services organizations in Alabama, Kansas and Maryland, and a defense manufacturer in Maryland.
“Qakbot was the botnet of choice for some of the most infamous ransomware gangs, but we have now taken it out,” Estrada said.
Federal authorities did not provide details on whether any arrests were made in connection with the operation or identify any possible suspects, citing the ongoing investigation.
Source: www.bostonherald.com