Central District of California RESOURCES FOR VICTIMS OF THE QAKBOT MALWARE

May 22, 2025: Russian National and Leader of Qakbot Malware Conspiracy Indicted in Long-Running Global Ransomware Scheme (U.S. Attorney's Office Press Release)

May 22, 2025: Leader of Qakbot Malware Conspiracy Indicted for Involvement in Global Ransomware Scheme (DOJ National Press Release)

May 2, 2025: Indictment 225CR00340SB

On May 22, 2025, the U.S. Attorney's Office (USAO) for the Central District of California filed a Complaint for Forfeiture (225CV04631) against virtual currency and currency defendant assets seized from the operators of the Qakbot botnet. According to the allegations in the Complaint, the defendant assets are traceable proceeds of, and were involved in, money laundering offenses pertaining to the payment of ransoms for ransomware attacks resulting from computer intrusions by members of the Qakbot conspiracy.

The USAO will be contacting victims who may have an interest in the defendant assets to provide information about your rights. Details on these procedures will be provided in a later communication to you from the USAO.

If you are a victim of the Qakbot malware and associated ransomware, you may have a legal interest in the defendant assets. If you wish to be contacted and provided with information about the legal process involving the defendant assets as it moves forward, please send the following information to QakbotVictims@fbi.gov

August 29, 2023: Qakbot Malware Disrupted in International Cyber Takedown (U.S. Attorney's Office Press Release)

August 29, 2023: Qakbot Malware Disrupted in International Cyber Takedown (DOJ National Press Release)

Beginning on August 25, 2023, law enforcement gained access to the Qakbot botnet, redirected botnet traffic to and through servers controlled by law enforcement, and instructed Qakbot-infected computers to download a Qakbot Uninstall file that uninstalled Qakbot malware from the infected computer. The Qakbot Uninstall file did not remediate other malware that was already installed on infected computers; instead, it was designed to prevent additional Qakbot malware from being installed on the infected computer by untethering the victim computer from the Qakbot botnet.

Hash value for the Qakbot Uninstall file SHA256

As a result of this operation, the FBI and the Dutch National Police have identified numerous account credentials that were compromised by the Qakbot actors. The FBI has provided those credentials to the website Have I Been Pwned, which is a free resource for people to quickly assess whether their access credentials have been compromised in a data breach or other activity. The Dutch National Police have also set up a website that contains information about additional compromised credentials. You can check to see if your credentials were compromised at the following websites

This webpage will be updated as more resources become available. Victims are encouraged to report the cybercrimes with their local FBI field office or the Internet Crime Complaint Center (IC3) at ic3.gov.

Shadowserver has disseminated data about historical Qakbot infections to 201 National Computer Security Incident Response Teams and to affected network owners around the world.

Qakbot Historical Bot Infections Special Report (September 8, 2023): https://www.shadowserver.org/news/qakbot-historical-bot-infections-special-report

The following documents contain additional information for victims and network defenders:

CISA Cybersecurity Advisory: Identification and Disruption of QakBot Infrastructure (August 30, 2023)

The Shadowserver Foundation: Qakbot Botnet Disruption (August 29, 2023)

Spamhaus: Qakbot Breached Email Accounts (August 29, 2023)

Application: Search Warrant 223MJ4244 (signed August 21, 2023)

Application: Search Warrant 223MJ4248 (signed August 23, 2023)

Application: Seizure Warrant 223MJ4251 (signed August 23, 2023)

Central District of California
312 N. Spring St., Suite 1200
Los Angeles, CA 90012

Phone: (213) 894-2400
Fax: (213) 894-0141