In a combined effort, Microsoft and several other tech companies coordinated a plan to “take down the backend infrastructure of the TrickBot malware botnet.”
This is huge news, seeing as TrickBot has infected more than one million computers and IoT devices worldwide and is one of the largest malware botnets around. Starting out in 2016 as a banking trojan, TrickBot then shifted into a multi-purpose MaaS (Malware-as-a-Service) business model, infecting systems and providing access to other criminal groups.
TrickBot and Emotet combined are today’s most active MaaS platforms and literally ‘rent’ “access to infected computers to ransomware gangs such as Ryuk and Conti.”
ZDnet details even further criminal activity, saying “the TrickBot gang also deployed banking trojans and infostealer trojans, and also provided access to corporate networks for BEC scammers, industrial espionage gangs, and even nation-state actors.”
The other organizations involved in the takedown of TrickBot include “Microsoft’s Defender team, FS-ISAC, ESET, Lumen’s Black Lotus Labs, NTT, and Broadcom’s cyber-security division Symantec.”
How did they do it?
All participants initially started their own investigations into TrickBot’s “backend infrastructure of servers and malware modules.” Partners spent months collecting over 125,000 malware samples and extracting, mapping, and analyzing how they operate, including servers used to “control infected computers and serve additional modules.”
Information and copyright claims in hand, Microsoft asked a judge to grant it control over TrickBot’s servers, and the court agreed.
In a press release Microsoft explained, “the court granted approval for Microsoft and our partners to disable the IP addresses, render the content stored on the command and control servers inaccessible, suspend all services to the botnet operators, and block any effort by the TrickBot operators to purchase or lease additional servers.”
With key infrastructure cut off, TrickBot will no longer be able to activate new or existing ransomware infections, protecting businesses across a wide range of industries. Internet Service Providers (ISPs) and computer emergency readiness teams (CERTs) around the world are working together to notify all infected users. A win for the good guys.
After Necurs in March, which infected more than nine million computers worldwide, this is the second major malware botnet taken down this year. The actions that make for a safer online experience for all deserve applause.
Is your business in need of a safer online experience? Contact DarkHound today for all your cybersecurity needs (714) 266-3790 or [email protected].
-Emmy Seigler
Image Source: https://www.canva.com/design/DAEKgdyEac8/-9PznXFOjohKifu81mp_JA/edit?category=tACFajEYUAM