Home / News

FBI Takes Down China-Backed Botnet, Facilitates Ransomware Negotiations

FBI Director Chris Wray speaking at the Aspen Cyber Summit, Sept. 18, 2024.

The FBI and international partners dismantled a China-backed botnet run by the Integrity Technology Group, a company linked to Chinese government espionage. FBI Director Christopher Wray announced the operation on Wednesday during the Aspen Digital Security Conference, revealing that the botnet, controlled by Flax Typhoon, had targeted U.S. critical infrastructure. The botnet, consisting of 260,000 infected devices, was built using Mirai malware and attacked U.S. entities, including academics and government agencies.

Botnet dismantled: After the FBI’s Cyber National Mission Force gained control of the botnet’s command servers, the Chinese hackers attempted a counterattack but were ultimately forced to destroy their infrastructure. The FBI estimates that the botnet compromised over a million devices.

FBI ransomware negotiations: Additionally, Wray praised the FBI’s efforts to combat ransomware, highlighting how the agency has saved organizations over $800 million by reverse-engineering ransomware and providing decryption keys. In a notable shift, Wray disclosed that the FBI now helps negotiate ransomware payments in extreme cases. He cited an instance where the FBI helped a U.S. cancer treatment center reduce a ransom demand from $450,000 to $50,000, enabling the hospital to resume critical services.

The U.S. government is pushing for an international treaty to ban ransom payments by government bodies, with the White House leading negotiations through its Counter Ransomware Initiative. The treaty aims to strengthen global cybersecurity efforts by curbing ransom payments to cyber criminals.

NORDVPN DISCOUNT - CircleID x NordVPN
Get NordVPN  [74% +3 extra months, from $2.99/month]
By CircleID Reporter

CircleID’s internal staff reporting on news tips and developing stories. Do you have information the professional Internet community should be aware of? Contact us.

Visit Page

Filed Under

Comments

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

Related

Topics

IPv4 Markets

Sponsored byIPv4.Global

Threat Intelligence

Sponsored byWhoisXML API

Brand Protection

Sponsored byCSC

Cybersecurity

Sponsored byVerisign

DNS

Sponsored byDNIB.com

Domain Names

Sponsored byVerisign

New TLDs

Sponsored byRadix