SEATTLE (CBSDFW.COM/CNN) – It’s called Trickbot and Microsoft says it has taken down servers behind the malware network that they feel could have indirectly affected election infrastructure.
The company said Monday it took down the servers behind Trickbot, an enormous malware network that criminals were using to launch other cyberattacks, including a strain of highly potent ransomware.
Microsoft said it obtained a federal court order to disable the IP addresses associated with Trickbot’s servers, and worked with telecom providers around the world to stamp out the network. The action coincides with an offensive by U.S. Cyber Command to disrupt the cybercriminals, at least temporarily, according to The Washington Post.
Microsoft acknowledged that the attackers are likely to adapt and seek to revive their operations eventually. But, Microsoft said, the company’s efforts reflect a “new legal approach” that may help authorities fight the network going forward.
Trickbot allowed hackers to sell what Microsoft said was a service to other hackers — offering them the capability to inject vulnerable computers, routers and other devices with other malware.
“Adversaries can use ransomware to infect a computer system used to maintain voter rolls or report on election-night results, seizing those systems at a prescribed hour optimized to sow chaos and distrust,” Microsoft VP of security Tom Burt wrote in a blog post.
He added: “We have now cut off key infrastructure so those operating Trickbot will no longer be able to initiate new infections or activate ransomware already dropped into computer systems.”
A separate technical report by Microsoft on Monday said Trickbot has been used to spread the Ryuk ransomware. Security experts say Ryuk has been attacking 20 organizations per week, and was reportedly the ransomware that Universal Health Services, one of the nation’s largest hospital companies.
But Trickbot has also been used to spread false and malicious emails containing malware that tried to lure victims in with messaging surrounding Black Lives Matter and COVID-19, Microsoft said.
Microsoft said Trickbot has infected more than 1 million computing devices globally since 2016 and that its operators have acted on behalf of both governments and criminal organizations, but their exact identity remains ambiguous.
(© Copyright 2020 CBS Broadcasting Inc. All Rights Reserved. The CNN Wire™ & © 2020 Cable News Network, Inc., a Time Warner Company contributed to this report.)