Microsoft said that it has taken down a massive ransomware operation that posed a major hacking threat to the US elections slated for next month. The tech company said that important election infrastructure would have been affected if the international hacking operation had been allowed to continue.
The servers the company said it took down were behind Trickbot, the malicious ransomware used by cybercriminals to launch potent attacks against organizations and governments.
To bring down the servers, Microsoft sought and obtained a federal court order from the U.S. District Court for the Eastern District of Virginia enabling it to disable the IP addresses linked with Trickbot’s servers. It also worked with telecom service providers around the world to bring down the network. Microsoft’s action comes on the heels of a recent offensive by the US Cyber Command to disrupt the capabilities of malicious hackers ahead of the US elections.
Microsoft said that while it is aware that the hackers will respond with innovative ways to get their operations running again, it is grateful for the new legal approach that provides authorities with a multi-pronged strategy to disrupt the future activities of cybercriminals.
The Trickbot botnet gives hackers the platform and tools to sell malicious ransomware to other hackers who use this malware to infect vulnerable systems around the world. Third-party vendors that provide services to election bodies are particularly prone to these attacks, according to Microsoft and US government officials.
In a technical report presented on Monday, Microsoft said that Trickbot was the botnet used to spread the Ryuk ransomware. Ryuk, according to security experts, is the malware responsible for attacks on top governmental and private organizations over the years. This malware was connected to the ransomware attack that struck Universal Health Services earlier this month, in which computers at all of its 250 facilities all over the US were temporarily affected.
The Ryuk ransomware was also implicated in attacks against nursing homes, a US defense contractor, and the municipal government of Durham, North Carolina.
Microsoft further claimed in its report that the ransomware has affected over 1 million computing devices all over the world since 2016.
Trickbot is touted as the most prolific malware since the coronavirus pandemic began, as hackers have used it for phishing attacks and other fraudulent scams. It also played a role in obtaining users’ information via the Black Lives Matter movement.
Microsoft said it collaborated with partners such as Black Lotus Labs, NTT, Symantec, and the Financial Services Information Sharing and Analysis Center to disable the global threat.