Microsoft attacks ransomware hackers


Microsoft recently announced that they took down the enormous malware network of servers behind the Trickbot malware that criminals were using to launch cyberattacks, including strains of highly potent ransomware.

Have you heard of Trickbot? Trickbot is a trojan that can get into your computers and networks disguised as something harmless. Typically it’s an email attachment like a PDF or Word document; if one of them gets opened, Trickbot launches, opens a backdoor and starts downloading other malware such as ransomware, card skimming software, remote control software and scripts designed to spread the infection through the corporate network or by hijacking the user’s email account. Trickbot allows hackers to sell backdoor access as a service to other hackers, offering the capability to inject vulnerable computers, routers and other devices with other malware.

Trickbot can deliver ransomware, which US officials have warned could pose a risk to websites that display election information or to third-party software vendors that provide services to election officials. If you’re interested in the episode of ThinkTech where we talked about this a few weeks back, here you go:


Enter Microsoft! The company recently announced that they took down the enormous network of servers behind the Trickbot malware that criminals were using to launch cyberattacks, including strains of highly potent ransomware. Microsoft said it obtained a federal court order to disable the IP addresses associated with Trickbot’s servers and worked with telecom providers around the world to stomp out the network. The hackers behind Trickbot are likely to adapt and revive their operations eventually. But Microsoft says that this takedown reflects a “new legal approach” that may help authorities fight hacker networks such as this one going forward.

With the election now here, Microsoft’s takedown is more timely than ever. Imagine if hackers could use ransomware to infect the computer systems used to maintain voter rolls or report on election-night results, seizing those systems at just the right time to create public chaos and distrust.

By the way, Trickbot has been used to spread Ryuk ransomware, reportedly the same ransomware that took down Universal Health Services in the largest hospital breach ever, just a few weeks ago. We did a video on that as well – again, shame on you hackers for taking down a bunch of hospitals. Here’s a link to that video.

Largest hospital breach ever?


Either way, if you’re a member of your company’s IT department and would like some ideas on how to best keep your networks secure, now is an especially good time to reach out. We can help.

I’m Attila, from Cylanda. Stay safe out there.

-Attila