Big news in the cybersecurity world: the FBI just announced a major multinational operation to disrupt and dismantle the QakBot malware and botnet. This is one of the largest botnet takedowns ever conducted by U.S. law enforcement.

QakBot infected victim computers primarily through spam emails containing malicious links or attachments. Once installed, QakBot could deliver additional malware, including ransomware. It turned infected computers into part of a remote-controlled botnet.

As part of the operation, the FBI gained access to QakBot’s infrastructure and identified over 700,000 infected computers worldwide, with over 200,000 in the U.S. alone. The FBI was able to redirect QakBot traffic to servers under its control. These servers sent uninstaller files to remove QakBot from infected systems, freeing them from the botnet. This massive disruption prevents cybercriminals from installing additional malware or ransomware on compromised devices. The FBI estimates that QakBot enabled $58 million in ransom payments between October 2021 and April 2022.

This operation showcases the ongoing cat-and-mouse game between law enforcement and cybercriminals. It also demonstrates the value of coordinated efforts between international partners to combat cyber threats. Kudos to all the agencies involved in dismantling this major malware operation.

More information: https://www.fbi.gov/news/stories/fbi-partners-dismantle-qakbot-infrastructure-in-multinational-cyber-takedown