US Authorities Seek to Forfeit $24 Million in Cryptocurrency Linked to Qakbot Malware Leader

By Netvora Tech News

---

A 48-year-old Russian man has been charged by US authorities for allegedly leading a group of criminals behind the Qakbot malware. Additionally, the authorities are seeking to forfeit $24 million in cryptocurrency seized from the man, which they claim is linked to his criminal activities. According to the indictment, the man is responsible for developing, distributing, and managing the Qakbot malware, which he allegedly began working on in early 2008. Qakbot is designed to steal login credentials from infected computers and install additional malware. Starting in 2019, the malware was used to infect thousands of systems worldwide, allowing the perpetrator to create a botnet. The indictment alleges that the man shared access to the infected systems with his co-conspirators, who then deployed ransomware, including Prolock, Dopplepaymer, Egregor, REvil, Conti, Name Locker, Black Basta, and Cactus. The ransomware attacks allegedly generated significant revenue for the perpetrator, who received a portion of the ransom payments made by victims. In August, authorities were able to shut down the Qakbot botnet. The perpetrator and his co-conspirators continued their criminal activities, targeting organizations with "spam bombing" attacks. In these attacks, employees of targeted organizations are bombarded with large volumes of spam emails. The attackers then pose as helpdesk personnel, claiming to be responding to a security incident, and request access to the system. This allows them to further compromise the company's network and ultimately deploy ransomware and steal data. During investigations into the perpetrator, authorities seized a significant amount of bitcoin, valued at $24 million. The US authorities are seeking to forfeit this amount, which they claim is linked to the perpetrator's criminal activities.