The FBI has taken down one of the biggest botnets in the world


The FBI, together with a number of international partners, has taken down Qakbot, arguably the biggest and most disruptive botnet in operation.

In a video announcement posted by the FBI, FBI Director Christopher Wray said the botnet was used by countless cybercriminals, including ransomware operators, to target organizations from all verticals, and of all shapes and sizes, across the United States.

"The victims ranged from financial institutions on the East Coast to a critical infrastructure government contractor in the Midwest to a medical device manufacturer on the West Coast," Wray said in the video. "This botnet provided cybercriminals like these with a command-and-control infrastructure consisting of hundreds of thousands of computers used to carry out attacks against individuals and businesses all around the globe."

Ransomware attacks

Qakbot facilitated at least 40 ransomware attacks, which resulted in hundreds of millions of dollars in damages. High-profile ransomware operators, such as Conti, REvil, BlackBasta, and others, were frequent customers of Qakbot.

The botnet operated more than 700,000 endpoints, which included some 200,000 on US soil. 

During the operation, codenamed “Duck Hunt”, the FBI managed to redirect the botnet’s traffic to servers under the agency’s control, which allowed it to deploy an uninstaller to all affected devices. In other words, it sent a command to every installed copy of the malware to uninstall itself. The victims never knew what had happened, but the FBI did say that it notified them using the IP address and routing information gathered while deploying the uninstaller.

Furthermore, the FBI managed to infiltrate a computer owned by one of Qakbot’s administrators and retrieve important documents. 

According to the court documents, “those files included communications (e.g., chats discussed in detail below) between the Qakbot administrators and co-conspirators and a directory containing several files holding information about virtual currency wallets.” The documents add: “A different file, found elsewhere on the same computer, named 'payments.txt,' contained a list of ransomware victims, details about the ransomware group, computer system details, dates, and an indication of the amount of BTC paid to the Qakbot administrators in connection with the ransomware attack.”

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
