Just when we thought the notorious Qakbot ransomware gang was down for the count, they've made a comeback that's as surprising as finding out your retired network engineer grandma is a secret Fortnite champion. In August, a multi-agency operation led by the FBI seized the gang's infrastructure and dismantled their formidable botnet. But like a villain in a superhero movie, they've returned. Let's dive into how and why this happened.
The Initial Takedown
Before the takedown, Qakbot (also known as QBot, QuackBot, and Pinkslipbot) was a major player in the cybercrime world. According to ReliaQuest, it accounted for 30% of all malware loaders observed in the first seven months of 2023. The FBI-led operation in August seemed like a significant win: it not only seized the gang's infrastructure but also uninstalled the malware from 700,000 computers.