Feds take down a botnet responsible for ransomware attacks, including a Southern California food distributor
Federal law enforcement officials have disrupted the infrastructure of the notorious Qakbot malware, malicious computer code used by cybercriminals to commit ransomware, financial fraud, and other cyber-enabled crimes causing "massive losses" to businesses around the world, including a food distribution company in Southern California, officials said Tuesday.
Beginning last Friday, law enforcement gained access to the Qakbot botnet, redirected botnet traffic to and through servers controlled by law enforcement, and instructed Qakbot-infected computers to download a Qakbot "uninstall" file that untethered the victim computer from the botnet.
During a press conference in downtown Los Angeles, the DOJ also announced the seizure of more than $8.6 million in cryptocurrency in illicit profits.
Dubbed "Operation Duck Hunt" by authorities, a reference to the bot's name, the takedown represents the largest United States-led financial and technical disruption of a botnet infrastructure leveraged by cybercriminals to commit cyber-enabled criminal activity.
The operation involved actions in the United States, France, Germany, the Netherlands, the United Kingdom, Romania and Latvia, officials said.
"An international partnership led by the Justice Department and the FBI has resulted in the dismantling of Qakbot, one of the most notorious botnets ever, responsible for massive losses to victims around the world," U.S. Attorney Martin Estrada said.
"Qakbot was the botnet of choice for some of the most infamous ransomware gangs, but we have now taken it out. This operation also has led to the seizure of almost 9 million dollars in cryptocurrency from the Qakbot cybercriminal organization, which will now be made available to victims. My office's focus is on protecting and vindicating the rights of victims, and this multifaceted attack on computer-enabled crime demonstrates our commitment to safeguarding our nation from harm."
No further information was released regarding the Southern California company hit by the malware.