A coalition comprising ESET, Microsoft, FS-ISAC, NTT, Lumen Black Lotus Labs and Symantec managed to disrupt the Trickbot botnet, one of the main vectors of ransomware distribution worldwide.
The efforts were made possible by a court order obtained by Microsoft, together with technical actions carried out in partnership with various telecoms operators globally. As a result, the key infrastructure that Trickbot's operators use was cut off, so the botnet could no longer be used to start new infections or to activate ransomware that had already been dropped.
Microsoft CVP of customer security and trust, Tom Burt, said that Trickbot had infected around one million devices in its lifespan. The exact identity of Trickbot's operators remains unknown, which means that it is likely that they serve multiple paymasters, which could include cybercriminal actors or national governments.