Last Updated on October 14, 2020
The Microsoft corporation, in tandem with several other tech firms, have moved to disable a disruptive ransomware botnet that had the capability to disrupt the November General Election in the United States.
Microsoft said it obtained legal authorization through a court order before using “technical action” to prevent Trickbot, a network of connected computers that run hacking bots, from executing new infections, activating dormant ransomware, or otherwise using its capabilities to disrupt the upcoming US elections.
Executives at Microsoft held a chief concern that Trickbot’s criminal operators would attempt to disrupt the US elections by targeting the many systems used to maintain voter rolls and report election results.
Microsoft took action against the Trickbot botnet, disrupting one of the world’s most persistent malware operations. In this blog, we detail the evolution of Trickbot, associated tactics, recent campaigns, and dive into the anatomy of a specific attack. https://t.co/AWhEIZHxgK
— Microsoft Security Intelligence (@MsftSecIntel) October 12, 2020
A report by the New York Times indicated that US Cyber Command engaged in addressing the threat, executing its own actions against Trickbot. The two operations do not appear to be coordinated.
The court order attained by Microsoft allowed them to disable IP addresses for the servers used by Trickbot, suspend services, make server content inaccessible, and block Trickbot’s criminal operators from employing more servers.
Microsoft has also initiated copyright litigation against Trickbot for “malicious use” of code. Microsoft argued that the crime network is abusing its trademark.
TrickBot is one of these more significant types of malware. Detected in 2016 as a banking trojan, it captured banking credentials for criminal enterprises. It has since metastasized in its capability to gain access to email accounts, system and network information, tax information, and it can send spam emails to infect other victims.
That legislation and legal action has not been adopted globally to punish internet providers for facilitating the existence of this criminal enterprise is a question that has, to date, gone unanswered.