Court grants Microsoft order to seize ransomware botnet controls ahead of US election

‘Ransomware is one of the largest threats to the upcoming election,' Microsoft corporate vice president says

Microsoft said on Monday it had received the order from a federal judge in the Eastern District of Virginia last week that gave Microsoft control of the Trickbot botnet
Microsoft said on Monday it had received the order from a federal judge in the Eastern District of Virginia last week that gave Microsoft control of the Trickbot botnet

Microsoft has been granted a court order to take control of a malware botnet that may install malicuous software on local government networks and could be used in attempts to disrupt the November US election.

On Monday the tech company said it had received the order from a federal judge in the Eastern District of Virginia last week that gave Microsoft control of the Trickbot botnet.

Trickbot is said to have infected more than a million companies since 2016 and is used by operators to install more dangerous programs, including ransomware.

“Adversaries can use ransomware to infect a computer system used to maintain voter rolls or report on election-night results, seizing those systems at a prescribed hour optimized to sow chaos and distrust,” said Microsoft Corporate Vice President Tom Burt.

“Ransomware is one of the largest threats to the upcoming election,” he added.

Operators serve both criminal groups and national governments and nation-states for a variety of objectives, according to research by the company.

Microsoft used copyright law to convince the judge that since Trickbot used Microsoft code, the company should be able to seize the operator’s infrastructure from their unknowing hosting providers.

The court granted approval for the company and its partners to disable the IP addresses, render the content stored on the command and control servers inaccessible, suspend all services to the botnet operators, and block any effort by the Trickbot operators to purchase or lease additional servers, Mr Burt said.

The seizure follows mechanical attempts to disrupt Trickbot last week by sending the operators bad information, according to researchers. 

The company worked with Broadcom’s Symantec, security firm ESET and other companies to dismantle Trickbot installations.

However, Symantec has said that Trickbot has control points in at least 20 countries, which will not be bound by the US court order used to seize control of the botnet.

Christopher Krebs, head of Cybersecurity and Infrastructure Security Agency at the Department of Homeland Security told The Washington Post that the rise of harmful malware activity such as Trickbot could lead to a “global emergency”.

“I firmly believe that we’re on the verge of a global emergency,” he said in a statement to The Post.

“With the US election already underway, we need to be especially vigilant in protecting these systems during this critical time,” Mr Krebs said. “This action proves that when the defenders team up, we can adapt to cripple the bad guys and make meaningful progress in improving our cybersecurity.”

Additional reporting by Reuters

Register for free to continue reading

Registration is a free and easy way to support our truly independent journalism

By registering, you will also enjoy limited access to Premium articles, exclusive newsletters, commenting, and virtual events with our leading journalists

Please enter a valid email
Please enter a valid email
Must be at least 6 characters, include an upper and lower case character and a number
Must be at least 6 characters, include an upper and lower case character and a number
Must be at least 6 characters, include an upper and lower case character and a number
Please enter your first name
Special characters aren’t allowed
Please enter a name between 1 and 40 characters
Please enter your last name
Special characters aren’t allowed
Please enter a name between 1 and 40 characters
You must be over 18 years old to register
You must be over 18 years old to register
Opt-out-policy
You can opt-out at any time by signing in to your account to manage your preferences. Each email has a link to unsubscribe.

By clicking ‘Create my account’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Already have an account? sign in

By clicking ‘Register’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Register for free to continue reading

Registration is a free and easy way to support our truly independent journalism

By registering, you will also enjoy limited access to Premium articles, exclusive newsletters, commenting, and virtual events with our leading journalists

Already have an account? sign in

By clicking ‘Register’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Join our new commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in