Microsoft announced this morning that it has taken down a Russian botnet called Trickbot that was trying to undermine the U.S. election.
“Trickbot [is] one of the world’s most infamous botnets and prolific distributors of ransomware,” Microsoft explains in the announcement post. “As the United States government and independent experts have warned, ransomware is one of the largest threats to the upcoming elections. Adversaries can use ransomware to infect a computer system used to maintain voter rolls or report on election-night results, seizing those systems at a prescribed hour optimized to sow chaos and distrust.”
Sign up for our new free newsletter to get three time-saving tips each Friday — and get free copies of Paul Thurrott's Windows 11 and Windows 10 Field Guides (normally $9.99) as a special welcome gift!
"*" indicates required fields
According to the software giant, it disrupted Trickbot through a court order and technical action it executed in partnership with telecommunications providers around the world.
“We have now cut off key infrastructure so those operating Trickbot will no longer be able to initiate new infections or activate ransomware already dropped into computer systems,” it says. “In addition to protecting election infrastructure from ransomware attacks, today’s action will protect a wide range of organizations including financial services institutions, government agencies, healthcare facilities, businesses and universities from the various malware infections Trickbot enabled.”
Microsoft also worked with partners like FS-ISAC, ESET, Lumen’s Black Lotus Labs, NTT, and Symantec on the action.