Microsoft disrupts infamous Trickbot botnet ahead of US election
Trickbot primarily targets financial institutions, but it could impact the election too

Microsoft has announced that it’s disrupted one of the world’s most infamous and prolific ransomware distributors, Trickbot.
Microsoft pulled the plug on Trickbot by obtaining a court order to disable Trickbot’s servers’ IP address. It also collaborated with telecoms worldwide to initiate technical actions to further cripple this infamous botnet.
According to Microsoft’s blog post: “We have now cut off key infrastructure so those operating Trickbot will no longer be able to initiate new infections or activate ransomware already dropped into computer systems.”
This comes just three weeks before the US presidential election, and after the impact threat actors had on the 2016 election, it’s critical even the most remote digital threats to the 2020 election are snuffed out now.
Trickbot’s potential impact on the election is hypothetical at this point, but ransomware could impact it multiple ways, including infecting computers used to maintain voter rolls or report on election-night results. This could inject doubt into the election results, potentially causing nationwide distrust in the results.
Though the Trickbot threat is neutralized, for now, Microsoft couldn’t identify those behind the ransomware. Because the hackers are still at large, Microsoft fully expects Trickbot’s operators to attempt to bring the botnet back online. Microsoft will work with its telecom partners to help keep it down.
To complete its investigation that netted it the court order to shut down Trickbot, Microsoft’s Digital Crimes Unit (DCU) worked with leaders in the tech space, including FS-ISAC, ESET, Lumen’s Black Lotus Labs, NTT and Symantec. The Microsoft Defender team also played a role in the investigation.
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
-
How to implement a four-day week in tech
In-depth More companies are switching to a four-day week as they look to balance employee well-being with productivity
-
Intelligence sharing: The boost for businesses
In-depth Intelligence sharing with peers is essential if critical sectors are to be protected
-
Hackers breached a 158 year old company by guessing an employee password – experts say it’s a ‘pertinent reminder’ of the devastating impact of cyber crime
News A Panorama documentary exposed hackers' techniques and talked to the teams trying to tackle them
-
The ransomware boom shows no signs of letting up – and these groups are causing the most chaos
News Thousands of ransomware cases have already been posted on the dark web this year
-
Ingram Micro cyber attack: IT distributor says system restoration underway – but some customers might have to wait for a return to normality
News Ingram Micro is gradually getting back on its feet after a recent cyber attack severely disrupted systems.
-
Everything we know about the Ingram Micro cyber attack so far
News A cyber attack on Ingram Micro severely disrupted operations and has been claimed by the SafePay ransomware group.
-
A prolific ransomware group says it’s shutting down and giving out free decryption keys to victims – but cyber experts warn it's not exactly a 'gesture of goodwill'
News The Hunters International ransomware group is rebranding and switching tactics
-
Swiss government data published following supply chain attack – here’s what we know about the culprits
News Radix, a non-profit organization in the health promotion sector, supplies a number of federal offices, whose data has apparently been accessed.
-
Ransomware victims are getting better at haggling with hackers
News While nearly half of companies paid a ransom to get their data back last year, victims are taking an increasingly hard line with hackers to strike fair deals.
-
LockBit data dump reveals a treasure trove of intel on the notorious hacker group
News An analysis of May's SQL database dump shows how much LockBit was really making