News & Insights

Topic: Ransomware

Qakbot Botnet Disruption

August 29, 2023
On Tuesday 29th August 2023, the US Department of Justice (DoJ) and US Federal Bureau of Investigations (FBI) - along with law enforcement partners in France, Germany, the Netherlands, and the United Kingdom - announced a disruption action against the very long running Qakbot botnet. The outcomes from the coordinated law enforcement action included deleting the Qakbot malware from infected victim computers (to reduce the risk of further harm), taking down the Qakbot technical infrastructure and seizing $8.6M of alleged illicit cryptocurrency profits. The Shadowserver Foundation is happy to support our law enforcement partners in this major cybercrime disruption operation.

Observations on cyber threat activity and vulnerabilities in the Gulf Region

May 31, 2023
We are happy to continue our efforts in collaboration with the UK FCDO, building on our previous global outreach to Africa, Indo-Pacific, Central and Eastern Europe (CEEC), and Association of Southeast Asia Nations (ASEAN) regions to produce a cyber security spotlight on the Gulf Region. For a review of previous UK FCDO supported activities please read a) UK Foreign, Commonwealth & Development Office funds Shadowserver surge in Africa and Indo-Pacific regions, b) Continuing Our Africa and Indo-Pacific Regional Outreach, c) More Free Cyber Threat Intelligence For National CSIRTs and d) Shadowserver’s New Public Dashboard.

Observations on cyber threat activity and vulnerabilities in Indonesia, Malaysia, Philippines and Thailand

May 30, 2023
Shadowserver has recently been funded by the UK Foreign, Commonwealth & Development Office (FCDO) to provide more detailed and tailored cyber threat insight support to countries in the Association of Southeast Asia Nations (ASEAN), specifically Indonesia, Malaysia, Philippines and Thailand. These activities included obtaining a better understanding of the device makeup of the exposed attack surface in those countries, vulnerability exposure (especially relating to emerging threats) and observed attacks/infected devices - coming both from and directed at the region. The intention is to enrich Shadowserver's free daily threat feeds and public benefit services to the region, providing National CSIRTs and other system defender entities (organizations that are network owners) with a better awareness of their threat and vulnerability landscape, thus helping them to improve their cybersecurity posture.

Helping fight ransomware with NoMoreRansom

July 8, 2020
After successfully collaborating with founder partners Europol and the Dutch National Police on cybercrime disruption for many years, Shadowserver are very pleased to formally join their NoMoreRansom initiative. Available in 36 languages, supported by over 150 law enforcement agencies and business worldwide, and supporting decryption tools for over 120 different ransomware variants, NoMoreRansom is the go-to resource for education and helping victims battle ransomware. We highly recommend that you follow their advice and help support this great public benefit partnership.