Some threats are too big to outright put a stop to; sometimes, the best result that can be hoped for is damage mitigation. And that’s been the state of Microsoft’s battle with Trickbot for quite a while.
Trickbot is a malware that has, in some circles, become the name of the group distributing it. It’s a Russian-speaking group primarily based out of Russia, Ukraine, Suriname, and Belarus, though the transnational arms have stretched to many places, such as Afghanistan.
According to a report from The Daily Beast, Microsoft has not only been sending cease and desist orders to places all over the globe but has also gone so far as to team up with ISPs in Latin America and Brazil to remove infected routers physically.
The fight against Trickbot has proven complex. Due to the international angle, jurisdictions and associated geopolitics have complicated Microsoft’s efforts to combat the group and its malware. Worse yet, the cybercriminals are constantly expanding operations and shaking up their usual routines to keep their malicious efforts one step ahead of those looking to shut it all down.
A Latvian national was charged in Cleveland, Ohio after being arrested in Florida due to her alleged Trickbot involvement. The FBI was involved in that case, highlighting that many parties are aware of the threat Trickbot poses and are working to stop it. But a threat that has spread so widely so rapidly may not be stoppable by traditional means.