Microsoft on Monday said it had used a federal court order to break up a Russian botnet that could’ve disrupted the upcoming U.S. election by installing ransomware on government computer systems.
The botnet, dubbed Trickbot, is one of the “world’s most infamous botnets and prolific distributors of ransomware,” Microsoft VP Tom Burt said on Monday. About 1 million computers have been impacted by Trickbot since 2016, the company said. Microsoft received its court order to take down Trickbot last week, working with several telecom providers around the world to quickly disable its network of compromised computers.
“Adversaries can use ransomware to infect a computer system used to maintain voter rolls or report on election-night results, seizing those systems at a prescribed hour optimized to sow chaos and distrust,” Burt said.
Trickbot is run by Eastern European and Russian cybercriminals, and like other botnets, can use ransomware on infected computers to hold data hostage in exchange for a payout. The concern was that Trickbot, with November 3 just weeks away, could undermine election integrity by targeting state and local computer systems.
“They could tie up voter registration rolls, election night reporting results and generally be extremely disruptive,” Burt told Bloomberg. “Taking out one of the most notorious malware groups, we hope, will reduce the risk of ransomware’s impact on the election this year.”
Botnets like Trickbot can also be used to steal financial information and healthcare data, as well as to go after businesses and universities, Microsoft said. Starting on Monday, Microsoft’s effort to dismantle the network should cut off the ability of computers infected by Trickbot to communicate with one another.
Microsoft’s effort comes as other top tech companies, like Facebook and Twitter, have updated their rules to weed out election misinformation. Twitter has moved to block “misleading information” from politicians, including early claims of victory.