Microsoft disrupts ransomware distributor with ties to Ryuk: 5 notes

On Oct. 12, Microsoft took action to disrupt ransomware distributor Trickbot, according to a company blog post.

Five details:

1. Trickbot has infected more than a million computing devices over the past four years and Microsoft obtained a court order and technical action to disrupt the ransomware distributor, cutting off key infrastructure to operations that will prevent new infections or ransomware activation already existing in computer systems.

2. The action aims to protect several organizations, including healthcare facilities, government agencies and election infrastructure from Trickbot-enabled malware infections.

3. Ahead of the disruption, Microsoft conducted an investigation into Trickbot and published findings in the blog post: “What makes [Trickbot] so dangerous is that it has modular capabilities that constantly evolve, infecting victims for the operators’ purposes through a ‘malware-as-a-service’ model. Its operators could provide their customers access to infected machines and offer them a delivery mechanism for many forms of malware, including ransomware.”

4. Trickbot is the most prolific malware with COVID-19 themed lures in phishing email campaigns, according to Microsoft’s investigation.

5. Trickbot has delivered Ryuk crypto-ransomware in the past; it crippled the IT network of a German hospital and is suspected to have played a role in the King of Prussia, Pa.-based Universal Health Services cybersecurity incident. Ryuk has been attributed to cyberattacks against hospitals during the pandemic, according to Microsoft’s post.

More articles on cybersecurity:
New York practice to pay $100K for violating HIPAA Right of Access rule
Transcriptionist accused of stealing patient records, attempted extortion: 4 details
What 4 facilities did after ransomware attacks: Permanent closures, temporary service suspensions & more


© Copyright ASC COMMUNICATIONS 2020. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.