Microsoft and several cybersecurity firms dismantle the TrickBot botnet
Microsoft and Lumen's cybersecurity firms ESET, FS-ISAC, NTT, Symantec and Black Lotus Labs have teamed up to dismantle the TrickBot botnet, one of the most active and dangerous in the world, responsible for ransomware campaigns such as Emotet or Ryuk, very active during the COVID-19 pandemic and posing a great danger to the impending US elections.
A court in Virginia has authorized Microsoft to take control of multiple servers that TrickBot used to infect other systems through a legal attack. Microsoft explains that they have cut off key infrastructure so that those who operate TrickBot can no longer initiate new infections or activate ransomware, which are already on computer systems, or get new servers to add to their botnet.
References:
- 12/10/2020 blogs.microsoft.com New action to combat ransomware ahead of U.S. elections
- 12/10/2020 microsoft.com Trickbot disrupted
- 12/10/2020 welivesecurity.com ESET takes part in global operation to disrupt Trickbot
- 12/10/2020 Symantec Enterprise Blogs Trickbot: U.S. Court Order Hits Botnet’s Infrastructure
- 12/10/2020 zdnet.com Microsoft and others orchestrate takedown of TrickBot botnet
- 13/10/2020 news.microsoft.com Microsoft desactiva la red ‘botnet’ Trickbot para evitar la difusión del ransomware Ryuk ante las elecciones de Estados Unidos
- 13/10/2020 xataka.com Golpe a Trickbot y el ransomware Ryuk: Microsoft y varias empresas de ciberseguridad desactivan una de las mayores botnets del mundo