- Microsoft announced Monday that it had taken action to significantly disrupt Trickbot, one of the most notorious bot networks that could have been used to target elections infrastructure.
- Trickbot was previously used to distribute ransomware, which experts and government officials warned posed a serious threat to elections and could have been used to target polling places' computer systems.
- Microsoft got permission from a federal court to take over the IP addresses associated with Trickbot's servers in order to quash the network, which the company said is a "new legal approach."
Microsoft has quashed a sprawling network of
The company disrupted servers that were used to run Trickbot, a notorious botnet that has been used to deploy ransomware. Ransomware attacks against local governments have become increasingly common, and experts have warned that a ransomware attack targeting elections offices could cause chaos on election day.
Microsoft said it was able to stamp out Trickbot after it obtained a court order granting permission to take control of the servers that hosted the botnet, and worked with telecom companies to quash the botnet. The action comes after the US military escalated its efforts to take down Trickbot earlier this month.
"We have now cut off key infrastructure so those operating Trickbot will no longer be able to initiate new infections or activate ransomware already dropped into computer systems," Microsoft vice president of security Tom Burt wrote in a blog post on the matter.
Trickbot had used malicious code to infect more than a million devices across the globe. The hackers behind the botnet would sell their services to other hackers, using the bots to deploy Ryuk ransomware that's used to take a target's computer systems offline until they agree to pay a ransom.
Last month, Ryuk was reportedly used to take down the computer systems of Universal Health Services, one of the largest hospital chains in the US. The hack took UHS' systems offline for nearly a week, delaying surgeries and forcing staff to work with pen and paper.
In addition to ransomware, Trickbot has previously been used to spread misinformation and misleading phishing messages that aim to trick victims into thinking hackers are a trusted entity and handing over their personal information. Burt said Trickbot's spam campaigns have previously used messages about COVID-19 and Black Lives Matter protests to grab people's attention and get them to click on malicious links.
The botnet could eventually resurface despite Microsoft's action, but Burt said the company plans to pursue further court orders to preempt such a revival.
"We fully anticipate Trickbot's operators will make efforts to revive their operations, and we will work with our partners to monitor their activities and take additional legal and technical steps to stop them," Burt said.