FBI-Led Operation Dismantles QakBot Botnet After 15 Years of Operations
An international law enforcement operation has dismantled QakBot, one of the longest-running and most destructive botnets, seizing infrastructure and recovering millions in cryptocurrency.
An international law enforcement operation led by the FBI has successfully dismantled QakBot, one of the longest-running and most prolific botnets in cybercrime history, which has facilitated ransomware attacks and financial fraud for over 15 years.
The operation, which involved law enforcement agencies from the United States, France, Germany, the Netherlands, the United Kingdom, Romania, and Latvia, seized QakBot's infrastructure and pushed a removal command to approximately 700,000 infected computers worldwide.
"QakBot has been a persistent threat to organizations worldwide for nearly two decades," said FBI Director Christopher Wray. "Today we've not only disrupted this botnet but also seized over $8.6 million in cryptocurrency that represents proceeds from ransomware attacks facilitated by QakBot."
QakBot, also known as Qbot or Pinkslipbot, started as a banking trojan in 2008 but evolved into a malware delivery platform that has been used to distribute numerous ransomware strains, including Conti, ProLock, Egregor, REvil, MegaCortex, and Black Basta.
According to the FBI, QakBot caused hundreds of millions of dollars in losses to individuals and businesses. The botnet's operators earned fees by giving ransomware gangs initial access to compromised networks.
Law enforcement officials were able to redirect QakBot traffic to FBI-controlled servers, which delivered an uninstaller that removed the malware from infected machines. The agency has set up a website where potential victims can check if their systems were infected.
While the infrastructure has been seized, law enforcement officials cautioned that the operators remain at large and could attempt to rebuild the botnet.