Microsoft uses copyright claims to fight ransomware
Microsoft and others have executed an unusual legal strategy to dismantle Trickbot, one of the world’s largest botnets and prolific distributors of ransomware, based on an approach that includes copyright claims.
Yesterday, October 12, Microsoft announced that it took action after the US District Court for the Eastern District of Virginia granted its request for a court order to halt Trickbot’s operations.
A botnet is a collection of individual computers infected with malware that allows communication among these computers and communication with computers providing control instructions.
“Our case includes copyright claims against Trickbot’s malicious use of our software code,” said the blog post. “This approach is an important development in our efforts to stop the spread of malware, allowing us to take civil action to protect customers in the large number of countries around the world that have these laws in place.”
Utilising copyright claims in its lawsuit is a new legal approach for Microsoft’s Digital Crimes Unit (DCU).
In the suit, filed earlier this month, Microsoft claimed that the defendants’ infringement of Microsoft’s copyright has been “deliberate, wilful and in utter disregard of Microsoft’s rights”.
“The Trickbot authors’ voluminous, unauthorised, and illegal misappropriation of the Declaring Code has been crucial to Trickbot’s attempts to infiltrate victim devices and steal financial information,” said the suit.
To execute its action, Microsoft formed an international group of industry and telecoms providers, including FS-ISAC, ESET, Lumen’s Black Lotus Labs, NTT and Symantec, a division of Broadcom, in addition to the Microsoft Defender team.
The Virginian court granted approval for Microsoft and its partners to disable IP addresses, render the content stored on command and control servers inaccessible, suspend all services to the botnet operators, and block any effort by the Trickbot operators to purchase or lease additional servers.
“As the US government and independent experts have warned, ransomware is one of the largest threats to the upcoming elections. Adversaries can use ransomware to infect a computer system used to maintain voter rolls or report on election-night results, seizing those systems at a prescribed hour optimised to sow chaos and distrust,” said Microsoft.
The technology company also included trademark infringement claims in its suit, claiming that Trickbot irreparably harms the company “by damaging its reputation, brands, and customer goodwill”.
According to the blog, the suit said the defendants have physically altered and corrupted Microsoft products and, once infected, the Windows operating system “cease to operate normally and are transformed into tools of deception and theft”.
It added: “Customers who experience degraded performance of Microsoft’s product may attribute such poor performance to Microsoft, causing extreme damage to Microsoft’s brands and trademarks and goodwill associated therewith.”
Did you enjoy reading this story? Sign up to our free daily newsletters and get stories sent like this straight to your inbox
Today’s top stories
Is China the AI leader? Not yet
Pakistan opposes India’s bid for Basmati geographical indication
Already registered?
Login to your account
If you don't have a login or your access has expired, you will need to purchase a subscription to gain access to this article, including all our online content.
For more information on individual annual subscriptions for full paid access and corporate subscription options please contact us.
To request a FREE 2-week trial subscription, please signup.
NOTE - this can take up to 48hrs to be approved.
For multi-user price options, or to check if your company has an existing subscription that we can add you to for FREE, please email Adrian Tapping at atapping@newtonmedia.co.uk