FBI Takes Qakbot Malware Known To Be Cruel And Loses Hundreds Of Millions Of Dollars Worldwide

The United States (US) has succeeded in disrupting and dismantling malware and botnets known as Qakbot. (photo: dock. pexels)

JAKARTA - The Federal Bureau of Investigation (FBI) and the Department of Justice (DoJ), United States (US), have succeeded in disrupting and dismantling malware and botnets known as Qakbots.

Qakbot itself is known to have been very cruel since it was created in 2008, causing hundreds of millions of dollars in losses worldwide. The action, detected in the US, France, Germany, the Netherlands, Romania, Latvia, and the UK.

Qakbot also has other names, namely Qbot and Pinkslipbot, which are controlled by cybercriminal organizations to target critical industries around the world.

With Qakbot, cybercriminals can carry out ransomware attacks, financial fraud, and other criminal activities. Malware will infect the victim's computer, especially through spam emails containing malicious attachments or links.

After users download or click on content, Qakbot will send additional malware, including ransomware to their computers.

Criminals then blackmailed their victims, asking for ransom payments in bitcoin before returning access to the victim's computer network.

The FBI neutralized this vast criminal supply chain, breaking it off. The victims ranged from financial institutions on the East Coast, government-owned important infrastructure contractors in theANG, to manufacturers of medical equipment on the West Coast," FBI Director Christopher Wray said in a statement, quoted Wednesday, August 30.

Computers that are part of the botnet (computer network infiltrated) can be controlled remotely by botnet users. Meanwhile, victims of Qakbot usually do not realize their computer has been infected.

In the FBI and DoJ operations, they managed to gain valid access to Qakbot infrastructure and identified more than 700,000 infected computers worldwide, including more than 200,000 in the US.

To interfere with botnets, the FBI diverts Qakbot traffic to its controlled servers, instructing infected computers to download uninstaller files.

The installation remover was created to remove Qakbot malware, remove infected computers from botnets and prevent additional malware installations.

"This botnet provides command and control infrastructure for cybercriminals like this, consisting of hundreds of thousands of computers used to carry out attacks on individuals and businesses around the world," Wray said.

Currently, the malicious Qakbot code is being removed from the victim's computer, preventing it from causing further harm. DoJ also announced the confiscation of more than $8.6 million in cryptocurrencies as a banned gain.

Qakbot has been used as a means of early infection by many productive ransomware groups in recent years, including Conti, ProLock, Egregor, REvil, MegaCortex, and Black Basta.

From this incident, both the FBI and DoJ said Qakbot had caused hundreds of millions of dollars in losses to individuals and businesses in the US and abroad.