Microsoft was initially concerned that Trickboat operators would use the botnet to disrupt the upcoming U.S. election via ransomware. The company said the attackers could lock up systems to maintain voter lists or report election night results. This barrier will also help prevent attempts to hijack bank accounts and intimidate key institutions with ransomware such as Rook. Death of a German hospital patient And attacks on cities Even newspapers.

It does not appear to have coordinated with the US government. Anonymous officials Speaking To New York Times By the end of September, Cyber ​​Command claimed to have started hacking Trickboat’s servers. The paper said Microsoft only discovered the initiative when it launched on its own. In both cases, the anti-botnet plans were aimed at pushing the Russian attacks out of critical moments. It is not clear if Russia intended to use the trickboat for a malware campaign, but this theoretically removes the option without criminals having a chance to reorganize before the November 3 vote.

Whatever the motive, this is still a significant setback. Trickboat was the primary delivery method for ransomware like Duke. In addition to this, cyber criminals and any state-sponsored actors will have to fight to find alternatives. While this is unlikely to be a permanent setback, it will provide safety experts and target some breathing space.