The Russian-speaking ransomware group taken down by Microsoft and the Pentagon last year is back up and running and ready to infect a new swath of machines. So yes, it’s time to be really careful about which links and attachments you click on in unsolicited emails.
The group, known by the name of its Trickbot malware, was targeted by the Pentagon's Cyber Command over fears it might decide to interfere in the presidential election. In September 2020, a series of coordinated attacks was launched against infected systems, directing them to a local address instead of a Trickbot control server, and it seemed that the effort to debilitate the group had been successful.
At least temporarily.
Microsoft also took action, apparently on its own, against the servers actually used by the Trickbot botnet. By working with ISPs in Latin America, Microsoft was able to obtain court orders that meant it could disable the IP addresses associated with these servers.
Due to the decentralized nature of the group, reportedly spread across Russia, Ukraine, Belarus and other Eastern European localities, it is almost impossible to put this type of group out of action for good. And despite the arrest of a 55-year-old man for apparently facilitating the spread of the Trickbot operation, there is not much evidence that it is coming to an end.
In fact, there are reports from January that malware attacks with all the essential features of a Trickbot campaign were occurring throughout North America. Menlo Security said: "While the actions of Microsoft and its partners were commendable and Trickbot's activity has been reduced to a small degree, the actors in the threat appear to be motivated enough to restore operations and take charge of the current threat environment."
And now there are reports from another security company, Fortinet, which claims that the group has helped create another variety of ransomware called Diavol. BitDefender also reports that Trickbot's infrastructure is back in operation and that the group has apparently been preparing for a new wave of attacks.
So what the hell can you do to avoid falling victim to this kind of ransomware? As always, the advice is to keep your system as up to date as possible. I know Windows updates are a pain, but you'll get the latest security patches for known vulnerabilities if you stay up to date.
There is also the fact that targeted ransomware attacks are generally aimed at large companies and insurance or legal firms. They usually take the form of an email telling you that you have been caught doing something wrong, perhaps a traffic violation, and encouraging you to click on a link to see proof of your violation.
So, again, be really, really careful about what you click on when someone sends you an email. At best, it’s probably a bad joke or something you might waste time on, but at worst, it could cost a fortune.