- The FBI's huge Qakbot bust only paused the malware's reign; it has returned stronger and stealthier
- New Qakbot spam bomb attacks trick employees into unleashing ransomware inside their own companies
- Although millions were seized, Qakbot's mastermind remains free in Russia, far from the reach of US law enforcement
In a major crackdown on cybercrime, the FBI and international partners declared victory against Qakbot, also known as QBot, in August 2023.
The malware operation, which infected more than 700,000 computers worldwide (including around 200,000 in the US), was linked to $58 million in ransomware-related losses.
Described by US Attorney Martin Estrada as "the most significant technological and financial operation ever led by the Department of Justice against a botnet", Operation Duck Hunt led to the seizure of 52 servers and the confiscation of $8.6 million in cryptocurrency. But, as with many supposed knockouts in cybersecurity, the celebration was premature.
Qakbot resurfaces
In just three months, Qakbot resurfaced, demonstrating that even coordinated, intensive law enforcement actions can have a disappointingly limited long-term impact.
After the 2023 takedown, the alleged leader Rustam Rafailevich Gallyamov and his crew did not retreat; they adapted. Instead of relying on traditional phishing to distribute the malware, they reportedly moved to more deceptive tactics.
According to The Register, the newly unsealed indictment reveals a novel strategy involving "spam bomb attacks": flooding employees' inboxes with unwanted subscription emails.
The attackers would then pose as IT staff offering to help, tricking the victims into executing malicious code.
This tactic allowed the group to regain access to company systems, encrypt files and exfiltrate confidential data.
"The defendant Gallyamov and the conspirators would launch spam bomb attacks aimed at employees of victim companies," the court documents say, "and then they would contact those employees, posing as information technology workers."
Once access was granted, the consequences were swift and severe: data theft, encryption and ransom demands.
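The spam-bomb stage described above is noisy by design, which makes it detectable from mail logs before the follow-up "IT support" call lands. The script below is an added defender-side example, not code from the article or the indictment; the log records, recipients and threshold are constructed assumptions, and the real record format will depend on the mail gateway.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records: (timestamp, recipient, subject). In practice these
# would come from the mail gateway or Exchange/M365 message-trace logs.
BASE = datetime(2025, 5, 20, 9, 0, 0)
SAMPLE_RECORDS = [
    # 40 subscription-confirmation style messages to one user in under 7 minutes
    (BASE + timedelta(seconds=10 * i), "alice@example.invalid",
     f"Confirm your subscription to newsletter #{i}")
    for i in range(40)
] + [
    # normal background traffic for another user
    (BASE + timedelta(minutes=2 * i), "bob@example.invalid", "Q2 budget review")
    for i in range(5)
]


def detect_spam_bomb(records, threshold=25, window=timedelta(minutes=10)):
    """Return {recipient: peak_count} for recipients who received at least
    `threshold` messages inside any `window`-long sliding interval.

    Such a burst is the signature of the spam-bomb stage: the alert should reach
    the SOC and the targeted user, who is about to be called by fake IT staff."""
    by_rcpt = defaultdict(list)
    for ts, rcpt, _subject in records:
        by_rcpt[rcpt].append(ts)

    flagged = {}
    for rcpt, times in by_rcpt.items():
        times.sort()
        peak, j = 0, 0
        for i in range(len(times)):
            # advance the right edge while it still lies inside the window
            while j < len(times) and times[j] - times[i] <= window:
                j += 1
            peak = max(peak, j - i)
        if peak >= threshold:
            flagged[rcpt] = peak
    return flagged


if __name__ == "__main__":
    for rcpt, count in detect_spam_bomb(SAMPLE_RECORDS).items():
        print(f"possible spam bomb: {rcpt} received {count} messages in 10 min")
```

The threshold should be tuned per organisation; a mailbox that normally gets a handful of messages per hour and suddenly gets dozens of unsolicited confirmations is the case worth alerting on.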
Qakbot malware lets attackers backdoor systems, install additional threats and harvest credentials.
The operators behind ransomware strains such as REvil and Black Basta allegedly paid Gallyamov and his associates for access, or even shared a portion of their extortion proceeds.
In April 2025, additional illicit funds were seized from Gallyamov, more than 30 Bitcoin and US$700,000, but he remains in Russia, beyond the reach of US law enforcement.
As federal officials put it, "unless he foolishly decides to abandon the protection of his homeland," Gallyamov is likely to remain untouchable.
To stay protected from this type of threat, organizations should invest in the best antivirus; in addition, a leading endpoint protection platform can help detect and isolate suspicious activity before it turns into a data breach or a ransomware attack.