Microsoft Kneecaps Global Malware Network
Microsoft has taken a sledgehammer to an infamous botnet with the potential to interfere in the upcoming US elections.
Trickbot, a global botnet and ransomware distributor, has infected more than a million computing devices – including Internet-of-Things devices such as routers – since 2016. Because ransomware can seize control of computers at crucial moments, experts have warned that it could cause chaos and distrust on election night by disrupting systems such as voter rolls or tabulation and reporting.
According to Tom Burt, Corporate Vice President, Customer Security & Trust at Microsoft, a combination of court orders and collaboration with global telcos has allowed Microsoft to disrupt Trickbot’s operations.
“We have now cut off key infrastructure so those operating Trickbot will no longer be able to initiate new infections or activate ransomware already dropped into computer systems.
“In addition to protecting election infrastructure from ransomware attacks, today’s action will protect a wide range of organisations including financial services institutions, government agencies, healthcare facilities, businesses and universities from the various malware infections Trickbot enabled,” he said.
Following an investigation in which Microsoft was able to gather details about Trickbot’s infrastructure and methods of evading detection, the United States District Court for the Eastern District of Virginia granted a court order for Microsoft to take action against the botnet.
“As we observed the infected computers connect to and receive instructions from command and control servers, we were able to identify the precise IP addresses of those servers.
“With this evidence, the court granted approval for Microsoft and our partners to disable the IP addresses, render the content stored on the command and control servers inaccessible, suspend all services to the botnet operators, and block any effort by the Trickbot operators to purchase or lease additional servers,” said Burt.
Microsoft will now monitor and attempt to block any effort by Trickbot’s operators to revive the malware.