An international operation involving the National Crime Agency has seen malware which caused millions of pounds of damage worldwide taken down.
Qakbot malware – also known as Qboty and Pinkslipbot – infected more than 700,000 computers globally via spam emails.
The NCA ensured UK servers were taken offline as the operation, led by the FBI and US Department of Justice, seized Qakbot’s infrastructure in the US and across Europe on Saturday.
US authorities seized or froze around 8.6 million dollars (£6.8 million) of illicit cryptocurrency profits.
NCA head of cyber intelligence Will Lyne said: “This investigation has taken out a prolific malware that caused significant damage to victims in the UK and around the world.
“Qakbot was a key enabler within the cyber-crime ecosystem, facilitating ransomware attacks and other serious threats.”
He continued: “The NCA is focused on disrupting the highest harm cyber criminals by targeting the tools and services that underpin their offending.
“This activity demonstrates how, working alongside international partners, we are having an impact on those key enablers and the ransomware business model.”
The administrators behind Qakbot offered access for a fee and it was a go-to service for cyber criminals for at least 16 years.
Typically delivered by phishing emails, Qakbot gave hackers access to computers which could be used to deploy ransomware, steal sensitive information or gather intelligence on victims to use in frauds or scams.
Nearly every sector of the economy has been victimised by Qakbot— US attorney Martin Estrada
It was used by the criminal groups behind the Conti, ProLock, Egregor, REvil, MegaCortex, and Black Basta ransomware strains to steal personal data, including banking credentials, from victims.
It is believed it impacted one in 10 corporate networks and accounted for about 30% of attacks globally.
Announcing the results of the operation on Tuesday, US attorney Martin Estrada said: “Nearly every sector of the economy has been victimised by Qakbot”.
No arrests were made and investigators have not revealed where the malware administrators were based.
Cybersecurity researchers believe they are in Russia or other former Soviet states.
FBI assistant director Donald Alway described Qakbot as “one of the most devastating cybercriminal tools in history” and said the network was “feeding the global cybercrime supply chain”.
More than 50 Qakbot servers were seized by the operation, which also included Europol and police in France, Germany, the Netherlands, Romania and Latvia.
The seized infrastructure was used to remotely dispatch updates which deleted the malware from thousands of infected computers.