
Microsoft obtained a court order to disrupt the largest botnet in the world.
Angela Lang/CNET
This story is part of Elections 2020, CNET’s coverage of the run-up to voting in November.
A group of tech companies dismantled a powerful hacking tool used by Russian attackers just three weeks before the US presidential election. On Monday, Microsoft announced actions against Trickbot, a Russian botnet that’s infected more than a million computers since 2016 and that’s behind scores of ransomware attacks.
Cybersecurity experts have raised concerns about ransomware attacks casting doubt on election results. While a ransomware attack wouldn’t change votes and could only lock up machines, the chaos stirred by a cyberattack could create uncertainty about the outcome of the results.
Election officials in most states have offline backup measures in the event of a ransomware attack, but have a harder time tackling the disinformation that comes with getting hacked. Ransomware attacks are also a concern for counties because they don’t have many cybersecurity resources.
Ransomware attacks have steadily increased over the four years since Trickbot came online, and they’ve targeted municipal institutions like schools, courts and hospitals. Trickbot, the world’s largest botnet, is believed to be behind last month’s ransomware attack on Universal Health Services, which locked up computers in hundreds of hospitals in the US.
Trickbot hasn’t affected any election infrastructure yet, and US officials have noted that there haven’t been significant cyberattacks against the US election, but the takedown announced Monday closes off a powerful tool that Russian hackers could’ve used to interfere with the election.
“We have now cut off key infrastructure so those operating Trickbot will no