Microsoft disrupts ransomware operation that could have interfered with U.

Global News


The Microsoft sign is shown on top of the Microsoft Theatre in Los Angeles, California, U.S. October 19, 2018.


REUTERS/Mike Blake/File Photo

Microsoft said Monday it had used a court order to take control of computers that were installing ransomware and other malicious software on local government networks and threatening to disrupt the November election.

The maker of the Windows operating system said it seized a series of internet protocol addresses hosted by U.S. companies that had been directing activity on computers infected with Trickbot, one of the most common pieces of malware in the world.

More than a million computers have been infected with Trickbot, and the operators use the software to install more pernicious programs, including ransomware, for both criminal groups and national governments that pay for the access, researchers said.

Trickbot has shown up in a number of public governments, which could be hurt worse if the operators encrypt files or install programs that interfere with voter registration records or the display and public reporting of election results, Microsoft said.

“Ransomware is one of the largest threats to the upcoming election,” said Microsoft Corporate Vice President Tom Burt. Among other programs, Trickbot has been used to deliver Ryuk ransomware, which has been blamed in attacks on the city of Durham, N.C., and hospitals during the COVID-19 pandemic.

Microsoft worked with Broadcom’s Symantec, security firm ESET and other companies to dissect Trickbot installations and trace them to the command addresses, the companies said. Microsoft for the first time used strict provisions in copyright law to convince a federal judge in the Eastern District of Virginia that since Trickbot used Microsoft code, the company should be able to seize the operator’s infrastructure from their unknowing hosting providers.


The seizure follows mechanical attempts to disrupt Trickbot last week by sending the operators bad information, researchers said. The Washington Post reported that U.S. Cyber Command was behind that effort, also aimed at cutting off possible sources of election chaos. Cyber Command did not respond Sunday to a request for comment.

A parallel FBI investigation identified three Eastern Europeans with major roles in the group behind Trickbot, according to one person working with the government in the matter. The person had expected indictments to be unsealed today, but said that step might have been delayed. A Justice Department spokesman did not respond to messages seeking comment over the weekend.

Microsoft said the legal seizures and its deals with telecommunications providers would stop Trickbot from deploying new software or activating pre-installed ransomware.

But Symantec said Trickbot has control points in at least 20 countries, none of which are bound by the U.S. court order.

For that reason, the group running the compromised machines is likely to regroup and may be able to communicate with infected computers in America, if less smoothly than before.

© 2020 Reuters
