U.S. authorities dismantle massive malware network

Federal authorities said Tuesday that Qakbot and its associated botnet have been used in some 40 attacks in the past 18 months alone. Image courtesy FBI

Aug. 30 (UPI) -- U.S. authorities and their European partners have dismantled a massive malware network that has been used by prolific ransomware groups to extort tens of millions of dollars from victims worldwide.

The Justice Department said Tuesday that the FBI has gained access to more than 700,000 computers throughout the world, including 200,000 in the United States, that had been infected with the Qakbot malicious software, and that it was in the process of removing it from victimized devices.


U.S. Attorney Martin Estrada for the Central District of California described Qakbot during a press conference Tuesday as "one of the most notorious and pernicious botnets in the world" and the law enforcement effort that took it down as the "most significant technological and financial operation ever led by the Department of Justice against a botnet."

First detected in 2008, Qakbot was malicious software that infected computers worldwide. An unnamed cybercriminal organization then sold access to this botnet to other criminal organizations, who would use it to coerce funds from their victims via ransom, either for access to information on their infected computers or to prevent such information from being publicly distributed.

Estrada told reporters that Qakbot was "the botnet of choice" for cybergangs and that they have evidence of it being used in some 40 different ransomware attacks that have cost governments and businesses roughly $58 million in the last 18 months alone.


"This Qakbot has been around since at least 2008, so you can imagine that the losses have been many millions more throughout the life of the Qakbot," he said.

"But today, all that ends. During a trailblazing operation over the last three days, Justice Department prosecutors, agents with the FBI and our international partners have taken control of and dismantled Qakbot."

Victims are being notified that their computers had been compromised, and the Justice Department is working with its international partners in France, Germany, the Netherlands, Britain, Romania and Latvia to seize servers that were used in the cybercrimes.

Fifty-two servers in the United States and abroad have already been seized, he said, stating that by confiscating them they were preventing Qakbot from being resurrected.

More than 6.5 million credentials, including passwords and login information, have been recovered, he said, adding that $8.6 million in cryptocurrency linked to ransomware payments was also seized and that federal authorities were working to return it to victims.

"The FBI neutralized this far-reaching criminal supply chain, cutting it off at the knees," FBI Director Christopher Wray said in a video statement.

Wray explained that the operation infiltrated Qakbot servers and redirected their traffic to FBI systems in order to uninstall the malware. He said it was the first time the FBI had employed this technique to sever computers from the botnet.


"The cyberthreat facing our nation is growing more dangerous and complex every day. But our success proves that our own network and our own capabilities are more powerful," he said.
