An international operation involving the National Crime Agency has led to the takedown of Qakbot malware, which facilitated ransomware attacks and caused millions of pounds' worth of damage worldwide.
Qakbot malware (also known as ‘Qbot’ and ‘Pinkslipbot’) infected more than 700,000 computers globally, including in the UK, via spam emails.
The operation, led by the FBI and DoJ, saw the seizure of Qakbot’s infrastructure in the US and across Europe on Saturday [26 August], with the NCA ensuring UK servers were taken offline.
US authorities also seized around 8.6 million dollars' worth of illicit cryptocurrency profits.
The administrators behind Qakbot offered access to it for a fee, and it was a go-to service for cyber criminals for at least 16 years.
It was used by the criminal groups behind the notorious Conti, ProLock, Egregor, REvil, MegaCortex, and Black Basta ransomware strains to steal personal data, including banking credentials, from victims.
Will Lyne, Head of Cyber Intelligence at the NCA, said: “This investigation has taken out a prolific malware that caused significant damage to victims in the UK and around the world.
“Qakbot was a key enabler within the cyber crime ecosystem, facilitating ransomware attacks and other serious threats.
“The NCA is focused on disrupting the highest harm cyber criminals by targeting the tools and services that underpin their offending.
“This activity demonstrates how, working alongside international partners, we are having an impact on those key enablers and the ransomware business model.”
The NCSC’s Ransomware Hub offers a range of information and guidance aimed at helping organisations defend against ransomware.
29 August 2023