Cyber Security companies dismantle Trickbot ransomware botnet

 hackread.com  10/13/2020 20:22:19 

Trickbot was discovered in 2016 as a banking trojan but with time it was updated to ransomware botnet.

Microsoft, with the help of other cybersecurity and tech companies, has disrupted Trickbot, one of the most sophisticated and notorious malware botnets.

First discovered in August 2016 as a banking trojan; Trickbot stole login credentials from targeted computers and used compromised accounts to spread malicious emails to unsuspecting users.

In 2017 and 2018, Trickbot was updated to hijack cryptocurrency transactions. Its most recent victim was the Black Lives Matter (BLM) movement in which attackers targeted users with a phishing scam loaded with malware to steal email and passwords.

Black Lives Matter movement being exploited to spread Trickbot malware

Screenshot of a fake email that was used in infecting targets with Trickbot botnet.

In a blog post, Tom Burt – Corporate Vice President, Customer Security & Trust said that the end of the Trickbot botnet came after a court order and with the help of telecom and cybersecurity companies around the world. These included ESET, Symantec, a division of Broadcom, NTT, Lumens Black Lotus Labs, and FS-ISAC.

Burt also emphasized that Trickbot posed a massive threat to the US election since it has been the most prolific distributor of ransomware along with malware operation using COVID-19 themed lures.

“Adversaries can use ransomware to infect a computer system used to maintain voter rolls or report on election-night results, seizing those systems at a prescribed hour optimized to sow chaos and distrust,” said Burt in a blog post.

Burt’s statement came just a day afterthe FBI and the Cybersecurity and Infrastructure Security Agency (CISA) issued an alert warning Advanced Persistent Threat (APT) actors are exploiting vulnerabilities to influence upcoming US elections.

Nevertheless, Trickbot has been dismantled while its key infrastructure has been completely cut off. What’s good for Trickbot’s victims is that the botnet can not infect new targets or execute ransomware on systems that were previously infected by it.

“In addition to protecting election infrastructure from ransomware attacks, todays action will protect a wide range of organizations including financial services institutions, government agencies, healthcare facilities, businesses, and universities from the various malware infections Trickbot enabled,” Burt added.

See: Microsoft takes down largest botnet network Necurs

Trickbot botnet may have been disrupted but the fact is that there are several other nasty botnets out there taking advantage of vulnerable/exposed devices and lack of education when it comes to cyber security.

As a user, you need to update your skills to a level where you can secure your devices and differentiate between a legitimate and phishing email. Here are some basic tips on protecting yourself from phishing attacks that lead to malware and ransomware infection.

Did you enjoy reading this article? Do like our page onFacebookand follow us onTwitter.

« Go back