Microsoft announced this morning that it has taken down a Russian botnet called Trickbot that was trying to undermine the U.S. election.
“Trickbot [is] one of the world’s most infamous botnets and prolific distributors of ransomware,” Microsoft explains in the announcement post. “As the United States government and independent experts have warned, ransomware is one of the largest threats to the upcoming elections. Adversaries can use ransomware to infect a computer system used to maintain voter rolls or report on election-night results, seizing those systems at a prescribed hour optimized to sow chaos and distrust.”
According to the software giant, it disrupted Trickbot through a court order and technical action it executed in partnership with telecommunications providers around the world.
“We have now cut off key infrastructure so those operating Trickbot will no longer be able to initiate new infections or activate ransomware already dropped into computer systems,” it says. “In addition to protecting election infrastructure from ransomware attacks, today’s action will protect a wide range of organizations including financial services institutions, government agencies, healthcare facilities, businesses and universities from the various malware infections Trickbot enabled.”
Microsoft also worked with partners like FS-ISAC, ESET, Lumen’s Black Lotus Labs, NTT, and Symantec on the action.