TrickBot and Microsoft Face-off Once Again

Microsoft recently led a coalition of cyber-security firms in a global takedown against one of the world’s largest malware botnets and cybercrime operations, TrickBot.

While the initial effort brought down the botnet, TrickBot’s operators brought new servers online in an effort to continue their criminal activities, leading Microsoft to go on the attack a second time.

Microsoft has said that the coalition steadily chipped away at TrickBot’s infrastructure and has taken down 94% of the botnet’s C&C servers – not only the original servers, but also those brought online after the initial attack.

Tom Burt, Microsoft’s Corporate Vice President, Customer Security & Trust, is quoted as saying: “From the time we began our operation until October 18, we have taken down 120 of the 128 servers we identified as TrickBot infrastructure around the world.”

Seven servers could not be brought down, because the device owners were unreachable and those systems are located outside of web hosting companies and data centers.

Burt credited Microsoft’s lawyers for the swift response to the second wave of TrickBot infrastructure. He stated that the company’s lawyers moved quickly to request new court orders, and the new servers were taken down within days.

Cyber-security firm Intel 471 has stated that the last few TrickBot C&C remnants are located in Brazil, Colombia, Indonesia, and Kyrgyzstan.

Microsoft is trying to prevent the TrickBot group from renting out access to the computers it has infected to ransomware gangs.

With that access, ransomware gangs can do further damage by encrypting the data on the infected computers and demanding a ransom before the victim company can regain access to its data.

TrickBot has sold such access to ransomware gangs in the past.

Thus far, TrickBot is still operating in a limited capacity. Hopefully, Microsoft and its partners can continue to disrupt its nefarious dealings.

As always, if we can be of help with your network or computer, give us a call here at RHYNO Networks. (855) 749-6648