FBI Dismantles a Malware System That Took Millions in Ransom

While the takedown is significant, experts caution that it may not completely eliminate the threat.

Bloomberg News

August 29, 2023

The seal of the Federal Bureau of Investigation in Washington, DC.

(Bloomberg) -- The FBI said Tuesday that it has taken down a network of hacked devices responsible for extorting tens of millions of dollars from victims around the world. 

US officials described the network known as Qakbot as one of the most notorious “botnets” in the world, referring to computer networks that have been infected with malicious software so that they can be controlled remotely without the owner’s knowledge — often to send phishing emails. These emails can in turn be used to hack into victims’ computer systems, which attackers will hold for ransom. 

Qakbot was instrumental in enabling cyberattacks against businesses and critical services around the world, according to US officials, including hits on the San Bernardino County Sheriff’s Department and hospitals run by Prospect Medical Group. The latter resulted in the closure of emergency rooms and medical facilities across the US.   

“The FBI neutralized this far-reaching criminal supply chain, cutting it off at the knees,” US Federal Bureau of Investigation Director Christopher Wray said in a statement. “The victims ranged from financial institutions on the East Coast to a critical infrastructure government contractor in the Midwest to a medical device manufacturer on the West Coast.”


US officials estimated that, since its creation in 2008, Qakbot had infected around 200,000 computers in the US and 700,000 globally.

“Qakbot is a long-standing operation spanning more than a decade that has adapted and evolved with the times — initially focused on traditional banking fraud and later pivoting its focus to act as a foothold to support ransomware intrusions,” said Kimberly Goody, a senior manager at the Google-owned cybersecurity firm Mandiant. 

Goody warned that take-downs don’t always result in total disruption of the bad actors behind these botnets, and they may “pivot to underground communities” to find other ways in. 

“Any impact to these operations is welcomed as it can cause fractures within the ecosystem and lead to disruptions that cause actors to forge other partnerships — even if it’s only temporary,” Goody said. 
