The FBI has taken down one of the biggest botnets in the world
FBI cleans all Qakbot infected endpoints with a single command
The FBI, together with a number of international partners, has taken down Qakbot, arguably the biggest and most disruptive botnet malicious network out there.
In a video announcement posted by the FBI, FBI Director Christopher Wray said the botnet was used by countless cybercriminals, including ransomware operators, to target organizations from all verticals, and of all shapes and sizes, across the United States.
"The victims ranged from financial institutions on the East Coast to a critical infrastructure government contractor in the Midwest to a medical device manufacturer on the West Coast," Wray said in the video. "This botnet provided cybercriminals like these with a command-and-control infrastructure consisting of hundreds of thousands of computers used to carry out attacks against individuals and businesses all around the globe."
Ransomware attacks
Qakbot facilitated at least 40 ransomware attacks which resulted in hundreds of millions of dollars in damages. High-profile ransomware operators, such as Conti, REvil, BlackBasta, and others, were frequent customers of Qaknet.
The botnet operated more than 700,000 endpoints, which included some 200,000 on US soil.
During the operation, codenamed “Duck Hunt”, the FBI managed to redirect the botnet’s traffic to servers under the agency’s control, which allowed it to deploy an uninstaller to all affected devices. In other words, it sent a command to all installed malware to uninstall itself. The victims never knew what happened, but the FBI did say that it notified them using IP address and routing information used while deploying the uninstaller.
Furthermore, the FBI managed to infiltrate a computer owned by one of Qakbot’s administrators and retrieve important documents.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Citing court documents, “those files included communications (e.g., chats discussed in detail below) between the Qakbot administrators and co-conspirators and a directory containing several files holding information about virtual currency wallets,". "A different file, found elsewhere on the same computer, named 'payments.txt,' contained a list of ransomware victims, details about the ransomware group, computer system details, dates, and an indication of the amount of BTC paid to the Qakbot administrators in connection with the ransomware attack."
- Check out the best malware removal tools around
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.