Microsoft has announced that it’s disrupted one of the world’s most infamous and prolific ransomware distributors, Trickbot.
Microsoft pulled the plug on Trickbot by obtaining a court order to disable Trickbot’s servers’ IP address. It also collaborated with telecoms worldwide to initiate technical actions to further cripple this infamous botnet.
According to Microsoft’s blog post: “We have now cut off key infrastructure so those operating Trickbot will no longer be able to initiate new infections or activate ransomware already dropped into computer systems.”
This comes just three weeks before the US presidential election, and after the impact threat actors had on the 2016 election, it’s critical even the most remote digital threats to the 2020 election are snuffed out now.
Trickbot’s potential impact on the election is hypothetical at this point, but ransomware could impact it multiple ways, including infecting computers used to maintain voter rolls or report on election-night results. This could inject doubt into the election results, potentially causing nationwide distrust in the results.
Though the Trickbot threat is neutralized, for now, Microsoft couldn’t identify those behind the ransomware. Because the hackers are still at large, Microsoft fully expects Trickbot’s operators to attempt to bring the botnet back online. Microsoft will work with its telecom partners to help keep it down.
To complete its investigation that netted it the court order to shut down Trickbot, Microsoft’s Digital Crimes Unit (DCU) worked with leaders in the tech space, including FS-ISAC, ESET, Lumen’s Black Lotus Labs, NTT and Symantec. The Microsoft Defender team also played a role in the investigation.
-
CIOs and CTOs are making high-stakes decisions with incomplete informationNews Architecture, governance, and investment decisions control how fast organizations can move, what risks they can handle, and which opportunities are viable
-
Nvidia touts its contribution to UK sovereign AI plansNews The latest deal sees Nebius expanding capacity in the UK with three new deployments
-
Ransomware cartels are fragmenting into volatile splinter groups, warns Met Police cyber chiefNews Commoditized "cyber crime bazaars" and AI data mining are forcing law enforcement to rewrite its playbook
-
New ransomware threat group, The Gentlemen, has become one of the most active ransomware operators, accounting for 10% of all attacksNews NTT researchers warn that the RaaS group is leveraging SystemBC malware to establish covert tunnelling, evade detection, and support rapid lateral movement across enterprise environments
-
Instructure chose to a pay ransom following the Canvas cyber attack – research shows more than half of security leaders would follow suitAnalysis Opting to pay ransoms creates huge risks for enterprises – you’re relying on the word of criminals
-
Ransomware negotiator sentenced for role in major cyber crime groupNews Deniss Zolotarjovs was a key player in a group associated with Conti
-
Threat actors ditch ‘spray and pray’ attacks in shift to targeted exploitationNews A dip in ransomware volumes points to a more targeted approach focused on vulnerability exploitation
-
Security leaders overconfident about ransomware recovery
News Few manage to recover all their data, and many experience business disruption
-
German authorities want your help finding the hackers behind GandCrab and REvilNews Daniil Maksimovich Shchukin and Anatoly Sergeevitsch Kravchuk are believed to have made millions from ransomware as a service schemes
-
The rise of teen hackers ‘makes for a good headline’, but cyber crime activities peak later in life
News With family responsibilities and mortgages to pay, it's not teenagers dishing out malware or carrying out cyber extortion
