
Left unchecked, this malware network could have impacted the 2020 election.

Tech giant Microsoft announced today that it had taken measures to stop the activities of Trickbot, a malware network utilized by hackers to perform large-scale cyberattacks. After discovering the IP address of Trickbot’s servers, Microsoft obtained a federal court order to have their operations disabled, working in tandem with internet providers in various countries to ensure they can no longer operate.


According to Microsoft’s report, Trickbot is a service used by malicious hackers that acts as a backdoor network into computer systems all over the world. Hackers pay to use this service, then use their new access to inject malware, ransomware, and other viral programming into computers. Microsoft has acknowledged that disconnecting the Trickbot servers may only be a temporary measure, as hackers are known for adapting and reestablishing their operations after being taken down, but the company has pledged to track them at all times and disconnect them again if they resurface.

This disconnection is especially important now because, according to Microsoft, the particular brand of ransomware that was being circulated by Trickbot could have impacted the integrity of the 2020 US Presidential Election.


“Adversaries can use ransomware to infect a computer system used to maintain voter rolls or report on election-night results, seizing those systems at a prescribed hour optimized to sow chaos and distrust,” Microsoft VP of security Tom Burt wrote in a blog post.

“We have now cut off key infrastructure so those operating Trickbot will no longer be able to initiate new infections or activate ransomware already dropped into computer systems.”

By Microsoft’s estimate, Trickbot malware has infected at least 1 million devices around the world in the last four years. Allegedly, the operators of Trickbot have aligned themselves with both government and criminal entities on different occasions, but the precise identity of its creators and users remains unknown.