Microsoft takes down global criminal botnet that could have affected US election
- 4 years ago
Microsoft on Monday said it disrupted a major cybercrime digital network that uses more than 1 million zombie computers to loot bank accounts and spread ransomware.
This could have indirectly affected US presidential election infrastructure if allowed to continue. The action coincides with an offensive by US Cyber Command to disrupt the cybercriminals, at least temporarily, according to The Washington Post.
The operation to knock offline command-and-control servers for a global botnet that uses an infrastructure known as Trickbot to infect computers with malware was initiated with an order that Microsoft obtained in Virginia federal court on October 6.
Trickbot's operators have a decentralised fall-back system and employ encrypted routing. The company took down the servers behind Trickbot, which criminals were using to launch other cyberattacks, including a strain of highly potent ransomware.
Ransomware seizes control of target computers and freezes them until victims pay up — though experts urge those affected by ransomware not to encourage hackers by complying with their demands.
The announcement follows a Washington Post report Friday of a major effort by the US Military's Cyber Command to dismantle Trickbot beginning last month with direct attacks rather than asking providers to deny hosting to domains used by command-and-control servers.
Recently, researchers have noted a rise in Trickbot's use in ransomware attacks targetting everything from municipal and state governments to school districts and hospitals.
A separate technical report by Microsoft on Monday said Trickbot has been used to spread the Ryuk ransomware -- which has been attacking 20 organisations per week, and was reportedly the ransomware that struck Universal Health Services.
Ransomware could pose a risk to the election process if systems designed to support voting are brought down.
Source: Source
Comments