Microsoft attempts takedown of global criminal botnet
computers of unwitting individuals and websites. In recent months, its operators have been increasingly renting it out to other criminals who have used it to sow ransomware, which encrypts data on target networks, crippling them until the victims pay up.
One of the biggest reported victims of a ransomware variety sowed by Trickbot called Ryuk was the hospital chain Universal Health Services, which said all 250 of its U.S. facilities were hobbled in an attack last month that forced doctors and nurses to resort to paper and pencil.
U.S. Department of Homeland Security officials list ransomware as a major threat to the Nov. 3 presidential election. They fear an attack could freeze up state or local voter registration systems, disrupting voting, or knock out result-reporting websites.
Trickbot is a particularly robust internet nuisance. Called “malware-as-a-service,” its modular architecture lets it be used as a delivery mechanism for a wide array of criminal activity. It began mostly as a so-called banking Trojan that attempts to steal credentials for online bank accounts so criminals can fraudulently transfer cash.
But recently, researchers have noted a rise in Trickbot’s use in ransomware attacks targeting everything from municipal and state governments to school districts and hospitals. Ryuk and another type of ransomware called Conti – also distributed via Trickbot – dominated attacks on the U.S. public sector in September, said Callow of Emsisoft.
Alex Holden, founder of Milwaukee-based Hold Security, tracks Trickbot’s operators closely and said the reported disruption by Cybercom (U.S. Cyber Command) – involving efforts to confuse its configuration through code injections – succeeded in temporarily breaking down communications between command-and-control servers and most of the bots.
“But that’s hardly a decisive victory,” he said, adding that the botnet rebounded with new victims and ransomware.
The disruption – in two waves that began Sept. 22 – was first reported by cybersecurity journalist Brian Krebs.
The AP could not immediately confirm the reported Cybercom involvement.