Microsoft thwarts massive botnet that could have targeted elections

  • Microsoft announced Monday that it had taken action to significantly disrupt Trickbot, one of the most notorious bot networks that could have been used to target elections infrastructure.
  • Trickbot was previously used to distribute ransomware, which experts and government officials warned posed a serious threat to elections and could have been used to target polling places’ computer systems.
  • Microsoft got permission from a federal court to take over the IP addresses associated with Trickbot’s servers in order to quash the network, which the company said is a “new legal approach.”
  • Visit Business Insider’s homepage for more stories.

Microsoft has quashed a sprawling network of bots that could have been used to target voting infrastructure ahead of the Nov. 3 election, it said on Monday.

The company disrupted servers that were used to run Trickbot, a notorious botnet that has been used to deploy ransomware. Ransomware attacks against local governments have become increasingly common, and experts have warned that a ransomware attack targeting elections offices could cause chaos on election day.

Microsoft said it was able to stamp out Trickbot after it obtained a court order granting permission to take control of the servers that hosted the botnet, and worked with telecom companies to quash the botnet. The action comes after the US military escalated its efforts to take down Trickbot earlier this month.

“We have now cut off key infrastructure so those operating Trickbot will no longer be able to initiate new infections or activate ransomware already dropped into computer systems,” Microsoft vice president of security Tom Burt wrote in a blog post on the matter.

Trickbot had used malicious code to infect more than a million devices across the globe. The hackers behind the botnet would sell their services to other hackers, using the bots to deploy Ryuk ransomware