Protect your email now against the return of this nasty ransomware botnet

The infamous Trickbot ransomware botnet is on the rise, according to reports from multiple security research firms.

After being dismantled in a joint effort by Microsoft and the Pentagon, the Russian-speaking group of cybercriminals is spreading its malicious software once again, and security research firms are classifying it as a “critical” threat.

Where does it usually show up? Well, in your inbox, of course — the most vulnerable place on the internet.

What is Trickbot?

Trickbot is a botnet with over a million “zombie” computers. Botnets work by infecting computers with malware to add them to a distributed network of other computers. With the malicious software operating, hackers are able to pool the collective resources of the network to launch ransomware attacks, distributed denial of service attacks, and more.

Trickbot is one of the more infamous examples, operating out of numerous locations in Eastern Europe, including Russia, Ukraine, and Belarus. As reported by The Daily Beast, the hacker group and the botnet after which it's named are on the rise again.

Computers become infected mainly through phishing emails, which usually accuse the reader of committing some sort of crime. After you click one of the links in the email, the hackers are able to execute malicious code and infect your computer, potentially stealing login information or banking credentials. The network then lobs ransomware attacks against high-value targets — usually businesses and wealthy individuals — to extort them.

Bitdefender, one of the leading antivirus services available, says that “Trickbot is more active than ever.” In May, Bitdefender’s detection systems started picking up increased signs of the tvncDll module, which is an updated version of the vncDll module that Trickbot has used in the past. Bitdefender says this module is used for monitoring potential targets, suggesting that Trickbot is planning another string of attacks.

Security research firm Fortinet has also identified a new strain of ransomware called Diavol. As is typical of ransomware, Diavol encrypts the files on your computer and holds them for ransom. With everything locked, you’ll only have access to a text document that asks you to download a browser and pay a ransom to restore your files. Typically, the files aren’t restored after the ransom is paid, as the criminals continue to extort you.

Fortinet identified the new strain as a “critical” threat, and it’s easy to see why. Trickbot was mostly dismantled by Microsoft and the Pentagon prior to the 2020 U.S. election.

Citing fears of interference, Microsoft was able to eliminate about 94% of Trickbot’s critical infrastructure, largely taking the botnet offline. It didn’t get rid of everything, though, and recent reports show that the group has been quick to rebuild.

How to keep yourself safe

Trickbot doesn’t exploit a single vulnerability, so the only way to keep yourself safe is to follow good cybersecurity practices. The most important thing is to regularly update your operating system. Windows updates patch security vulnerabilities and update the list of known threats. If you’re staying on top of Windows updates, you’ll be protected from threats as security researchers are able to identify them.

It’s important to be careful with your email inbox, too. As mentioned, Trickbot is able to spread through malicious links in emails. Usually citing some small crime, the email will ask you to click on a link to pay a fine or to provide proof you didn’t commit the crime. After you click the link, the software is able to infect your machine and potentially spread through your network to other machines.

Although most phishing emails accuse users of committing a crime, that’s not all you have to look out for. We recommend avoiding links altogether when they come from email addresses you don’t recognize. Once you click, there’s no turning back.

If you’re still worried, you can also invest in or at least set up an antivirus program. Windows Defender, which is included for free with Windows, will protect you from most threats. Windows also includes ransomware protection. However, services like Bitdefender and Avira employ behavioral detection systems to identify new forms of malware based on how they act on your machine.

Jacob Roach
Senior Staff Writer, Computing