Brian Sims
Editor
AN INTERNATIONAL operation involving the National Crime Agency has led to the takedown of Qakbot malware, which facilitated ransomware attacks and resulted in damage amounting to millions of pounds worldwide.
Qakbot malware – also known as ‘Qbot’ and ‘Pinkslipbot’ – infected more than 700,000 computers globally, including in the UK, via spam e-mails.
The security operation, led by the FBI and the Department of Justice, resulted in the seizure of Qakbot’s infrastructure in the US and across Europe on 26 August, with the National Crime Agency ensuring UK servers were taken offline.
US authorities also seized circa $8.6 million worth of illicit cryptocurrency profits.
The administrators behind Qakbot offered access to it for a fee and it was a go-to service for cyber criminals for at least 16 years. Qakbot was used by the criminal groups behind the notorious Conti, ProLock, Egregor, REvil, MegaCortex and Black Basta ransomware strains to steal personal data, including banking credentials, from victims.
Prolific malware
Will Lyne, head of cyber intelligence at the National Crime Agency, explained: “This investigation has taken out a prolific malware that caused significant damage to victims in the UK and around the world. Qakbot was a key enabler within the cyber crime ecosystem, facilitating ransomware attacks and other serious threats.”
Lyne continued: “The National Crime Agency is focused on disrupting the highest harm cyber criminals by targeting the tools and services that underpin their offending. This activity demonstrates how, working alongside international partners, we are exerting a significantly positive impact on those key enablers and the ransomware business model.”
The National Cyber Security Centre’s Ransomware Hub offers a range of information and guidance aimed at helping organisations to defend themselves against ransomware attacks.