Microsoft Takes Down Russian Botnet

Posted on October 12, 2020 by Paul Thurrott in Cloud, Microsoft with 11 Comments

Microsoft announced this morning that it has taken down a Russian botnet called Trickbot that was trying to undermine the U.S. election.

“Trickbot [is] one of the world’s most infamous botnets and prolific distributors of ransomware,” Microsoft explains in the announcement post. “As the United States government and independent experts have warned, ransomware is one of the largest threats to the upcoming elections. Adversaries can use ransomware to infect a computer system used to maintain voter rolls or report on election-night results, seizing those systems at a prescribed hour optimized to sow chaos and distrust.”

According to the software giant, it disrupted Trickbot through a court order and technical action it executed in partnership with telecommunications providers around the world.

“We have now cut off key infrastructure so those operating Trickbot will no longer be able to initiate new infections or activate ransomware already dropped into computer systems,” it says. “In addition to protecting election infrastructure from ransomware attacks, today’s action will protect a wide range of organizations including financial services institutions, government agencies, healthcare facilities, businesses and universities from the various malware infections Trickbot enabled.”

Microsoft also worked with partners like FS-ISAC, ESET, Lumen’s Black Lotus Labs, NTT, and Symantec on the action.


11 responses to “Microsoft Takes Down Russian Botnet”

  1. Chris_Kez

    There's probably something interesting, for someone, in that blog post, but the big takeaways for me were that they described their actions as a "disruption" and later in the post they write "We fully anticipate Trickbot’s operators will make efforts to revive their operations". I guess I'm glad they disrupted this operation?

  2. roho

    Good news as long as it lasts.

  3. mrdrwest

    So that's why their stock ended on a high note October 12, 2020.

  4. Greg Green

    Criminal minds are ingenious. Have an election but then have to pay a billion dollars ransom to get the results...crazy. Good that MS guys and gals were smarter in this case.
