FBI Announces Disruption of International Ransomware Network Targeting 200,000 American Computers

Federal investigators have successfully dismantled a criminal ransomware network that caused extensive damage, likely amounting to hundreds of millions of dollars, according to the Justice Department. The FBI and international partners collaborated to disrupt the Qakbot botnet, a collection of infected computers used to carry out cyberattacks. Efforts are now underway to disable the program on thousands of victim computers.

Dubbed “Operation Duck Hunt,” the operation also resulted in the seizure of nearly $9 million in cryptocurrency that was collected in criminal ransomware campaigns. Qakbot victimized approximately 700,000 individuals globally in 2023, with around 200,000 victims located in the United States. Small businesses, healthcare providers, and government agencies, including a defense manufacturer in Maryland, fell victim to attacks associated with the network.

Qakbot is known as a notorious and widely used initial access broker utilized by illicit actors worldwide to hold computer systems hostage until victims pay a ransom. The botnet gains access to devices through spam emails containing malicious links. Criminal groups like Conti and REvil, the latter of which attacked JBS, the world’s largest meat processing company, in 2021, leveraged Qakbot to gain access to infected computers and launch ransomware campaigns. These groups were likely affected by the recent FBI operation.

Botnets such as the one targeted by the FBI surreptitiously take control of computers and coordinate their activities to carry out cybercrimes. As part of Operation Duck Hunt, the FBI gained access to the Qakbot infrastructure and redirected cyberactivity to servers controlled by US investigators. They were then able to inject the malware with a program that released victim computers from the botnet, freeing them from the malicious host. The investigation is ongoing, with 52 servers seized and no arrests made thus far.

Law enforcement officials emphasized that the ransomware groups targeted hospitals and critical infrastructure vital to national security. While the financial losses resulting from Qakbot’s cyber campaigns are estimated to be in the hundreds of millions of dollars, the protection of national interests is of utmost importance. FBI Director Christopher Wray praised the success of the operation, highlighting how the FBI’s capabilities and strategies are effectively combating cybercriminals and ensuring the safety of the American people.

This takedown of the Qakbot network aligns with the government’s approach to not only disrupt criminal cyber networks but also empower victims with the necessary tools to counter malware attacks. Earlier this year, the FBI dismantled the international ransomware group known as Hive, seizing their servers and providing decryption keys to victims. The Qakbot operation represents a step forward in fostering collaboration between law enforcement and victims in combating cyber threats.

According to cybersecurity firm Mandiant’s senior manager, Kimberly Goody, the impact on Qakbot’s operations is significant, potentially causing fractures within the ecosystem and leading actors to form temporary partnerships. The success of Operation Duck Hunt serves as a testament to the FBI’s commitment to combating cybercrime and protecting national security.

Original Source: [CBS News](https://www.cbsnews.com/news/fbi-takedown-qakbot-botnet-ransomware-network/)

Original Story at www.cbsnews.com – 2023-08-29 20:01:51
