Officials from the United States revealed on Tuesday that the FBI and its European allies broke into and took control of a massive worldwide malware network that had been used for more than 15 years to carry out a variety of online crimes, including catastrophic ransomware assaults.
They subsequently removed the malicious software agent known as Qakbot from hundreds of compromised machines remotely. Cybersecurity experts praised the skillful dismantling of the network but cautioned that any dip in cybercrime would probably be short-lived.

The U.S. attorney in Los Angeles, Martin Estrada, announced the takedown on Tuesday. “Nearly every sector of the economy has been victimized by Qakbot,” he said. He stated that over the course of 18 months, the criminal network had enabled roughly 40 ransomware operations that, according to investigators, netted Qakbot administrators about $58 million. According to Estrada, Qakbot’s victims included an engineering firm in Illinois, financial services companies in Alabama and Kansas, a Maryland defense manufacturer, and a Southern California food distribution business. No arrests were reported, but officials said $8.6 million in cryptocurrency was blocked or seized. Estrada stated that the investigation is still ongoing. He declined to disclose the location of the malware’s administrators, who controlled a botnet of infected PCs turned into zombies. Cybersecurity researchers believe they are in Russia or other former Soviet states.

According to officials, since its initial appearance in 2008 as a banking trojan that stole customer information, the so-called malware loader, also known as Pinkslipbot and Qbot, has been used to inflict hundreds of millions of dollars in damage. They said that millions of people had been affected in almost every country on earth. Qakbot gives criminal hackers initial access to compromised systems and is typically distributed through malicious phishing emails. Once inside, the operators can deliver additional payloads such as ransomware, steal sensitive information, or gather intelligence on victims in order to facilitate financial fraud and other crimes such as tech support and romance scams.
The Qakbot network was “literally feeding the global cybercrime supply chain,” according to Donald Alway, assistant director of the FBI’s Los Angeles office, who called it “one of the most devastating cybercriminal tools in history.” According to two cybersecurity companies, Qakbot was the most frequently detected malware in the first half of 2023, affecting one in ten corporate networks and accounting for nearly 30% of attacks worldwide. Such “initial access” tools allow extortionist ransomware gangs to skip the first step of breaking into computer networks, making them key enablers for the remote, primarily Russian-speaking criminals who have wreaked havoc by stealing data and disrupting businesses, schools, hospitals, local governments, and other institutions around the world.

Since it “hacked the hackers” in January by taking down the prolific Hive ransomware group, the FBI has had notable success against online criminals. Chester Wisniewski, a cybersecurity expert at Sophos, agreed that there may be a brief decline in ransomware attacks but said the criminals can be counted on to either move to different botnets or rebuild their infrastructure elsewhere. The short-term impact on some groups will be significant, but the reset won’t change much, he said, although it does take some time to infect 700,000 PCs.