Microsoft disables Trickbot botnet preventing Ryuk ransomware from spreading


Microsoft has decided to take action in the fight against malware by intervening in the operation of the Trickbot botnet, one of the most active cybercrime networks of the moment.

The technology company has partnered with cybersecurity organizations such as ESET, Black Lotus Labs, NTT, Symantec and FS-ISAC to disrupt the Trickbot botnet.

This botnet is made up of at least one million hijacked computers infected with the Trickbot malware and, according to reports from computer security agencies, is run by cybercriminals of Russian origin.


Microsoft's strategy to take down the network's operation has relied on technical actions backed by a court order, which has enabled disabling the IP addresses of Trickbot's command and control servers, from which the network is directed, suspending services to the operators of those servers, and making the servers' content inaccessible.

In addition, the Redmond company managed to block the operators from buying or renting more servers, thereby preventing the regrouping of the computers hijacked by the botnet.

Microsoft was concerned that Trickbot would serve as a Trojan horse for launching attacks that would disrupt the impending US election through ransomware infections.

But it wasn't the only reason. Interrupting the operation of this botnet could also help thwart attempts to hijack bank accounts and threaten critical institutions using ransomware like Ryuk.


This ransomware has been linked to the death of a patient at a German hospital following a computer attack, as well as to attacks on strategic infrastructure in cities and even on media outlets.

As cybersecurity experts point out, this is likely to be nothing more than a temporary setback for the botnet's operations, which could be back up and running in a few months. However, the action will give a respite to security experts and potential targets, so it remains a significant blow.

Trickbot was the main infection method for ransomware like Ryuk, and without this attack platform cybercriminals will have to find alternatives.
