Court orders seizure of ransomware botnet controls as US election nears

Mon, Oct 12, 2020 - 8:54 PM

[SAN FRANCISCO] Microsoft said Monday it used a court order to take control of computers that were installing ransomware and other malicious software on local government networks and threatening to disrupt the November election.

The maker of the Windows operating system said it seized a series of internet protocol addresses hosted by US companies that had been directing activity on computers infected with Trickbot, one of the most common pieces of malware in the world.

More than a million computers have been infected with Trickbot, and the operators use the software to install more pernicious programmes, including ransomware, for both criminal groups and national governments that pay for the access, researchers said.

Trickbot has shown up in a number of public governments, which could be hurt worse if the operators encrypt files or install programmes that interfere with voter registration records or the display and public reporting of election results, Microsoft said.

"Ransomware is one of the largest threats to the upcoming election," said Microsoft Corporate vice president Tom Burt.

Among other programmes, Trickbot has been used to deliver Ryuk ransomware, which has been blamed in attacks on the city of Durham and hospitals during the Covid-19 pandemic.

Microsoft worked with Broadcom's Symantec, security firm ESET and other companies to dissect Trickbot installations and trace them to the command addresses, the companies said.

Microsoft for the first time used strict provisions in copyright law to convince a federal judge in the Eastern District of Virginia that since Trickbot used Microsoft code, the company should be able to seize the operators' infrastructure from their unknowing hosting providers.

The seizure follows mechanical attempts to disrupt Trickbot last week by sending the operators bad information, researchers said. The Washington Post reported that US Cyber Command was behind that effort, also aimed at cutting off possible sources of election chaos. Cyber Command did not respond Sunday to a request for comment.

A parallel FBI investigation identified three Eastern Europeans with major roles in the group behind Trickbot, according to one person working with the government in the matter. The person had expected indictments to be unsealed today, but said that step might have been delayed. A Justice Department spokesman did not respond to messages seeking comment over the weekend.

Microsoft said the legal seizures and its deals with telecommunications providers would stop Trickbot from deploying new software or activating pre-installed ransomware.

But Symantec said Trickbot has control points in at least 20 countries, none of which are bound by the US court order.

For that reason, the group running the compromised machines is likely to regroup and may be able to communicate with infected computers in America, if less smoothly than before.

REUTERS
