2023-08-31 20:11:00
O FBI announced this week that it has ended the multinational hacking and ransomware operation Qakbot (or Qbot). In this sense, researchers from Check Point Research (CPR) analyzed the group after tracking its activities for years.
For those who don’t know, the group even affected 700 thousand computers worldwide, including machines from financial institutions, government contractors and medical device manufacturers. He was prominently mentioned in the Check Point Software Mid-Year Cybersecurity Report 2023 as the most prevalent of its kind in the world.
Sergey Shykevich is Threat Intelligence Manager at CPR and commented on Qakbot:
We’ve been tracking Qakbot for some time now and this FBI takedown operation is an important step in stopping a major cybercrime operation. We congratulate the FBI and its partners for their efforts in this operation and will continue to monitor the long-term impact on cybercriminals. However, it remains to be seen if it was a total removal or if operators will be able to come back. Therefore, we reinforce the need to continue with phishing awareness campaigns, keep up to date with security patches and adopt adequate anti-ransomware solutions
Qakbot, in turn, is considered a Swiss army knife, being operated by cybercriminals from Eastern Europe since 2008. In general, it is a multifunctional malware, giving the ability to operators to steal data from PCs and still serves as a platform for access to infect victims’ networks with additional malware and ransomware.
In addition to being complex, Qbot is also very adaptable and flexible, being mostly distributed via phishing emails. In order to be able to infect machines, it uses various types of files, such as HTML, ZIP, OneNote, PDF e LNK. It is the most detected malware, with 11% of corporate networks impacted in the first half of this year.
How to prevent ransomware attacks
Check Point Software specialists also took the opportunity to share some recommendations that help protect against this type of attack. For example, one effective measure is to stay current with security patches so that computers always have the latest protections.
Tips also include adopting anti-malware solutions that monitor suspicious behavior and investing in phishing awareness campaigns so employees can spot phishing attempts when they occur.
security
09 Ago
security
04 Ago
Qakbot data in Brazil has not yet been revealed, but it is worth remembering that this was once the second largest country affected by ransomware. Therefore, it is essential to try to protect yourself. Also, check out the tool that can decrypt Akira, another ransomware that affects Windows computers.
1693531340
#Qakbot #Group #malware #analyzed #operations #shut #FBI