
Protect your email now against the return of this nasty ransomware botnet

The infamous Trickbot ransomware botnet is on the rise, according to reports from multiple security research firms.

After being dismantled in a joint effort by Microsoft and the Pentagon, the Russian-speaking group of cybercriminals is spreading its malicious software once again, and security research firms are classifying it as a “critical” threat.

Where does it usually show up? Well, in your inbox, of course — the most vulnerable place on the internet.

What is Trickbot?

Trickbot is a botnet with over a million “zombie” computers. Botnets work by infecting computers with malware to add them to a distributed network of other computers. With the malicious software operating, hackers are able to pool the collective resources of the network to launch ransomware attacks, distributed denial of service attacks, and more.

Trickbot is one of the more infamous examples, operating out of numerous locations in Eastern Europe, including Russia, Ukraine, and Belarus. As reported by The Daily Beast, the hacker group and the botnet after which they’re named are on the rise again.

Computers become infected mainly through phishing emails, which usually accuse the reader of committing some sort of crime. Once the reader clicks one of the links in the email, the hackers are able to execute malicious code and infect the computer, potentially stealing login information or banking credentials. The network then lobs ransomware attacks against high-value targets — usually businesses and wealthy individuals — to extort them.

Bitdefender, one of the leading antivirus services available, says that “Trickbot is more active than ever.” In May, Bitdefender’s detection systems started picking up increased signs of the tvncDll module, which is an updated version of the vncDll module that Trickbot has used in the past. Bitdefender says this module is used for monitoring potential targets, suggesting that Trickbot is planning another string of attacks.

Security research firm Fortinet has also identified a new strain of ransomware called Diavol. As is typical of ransomware, Diavol encrypts the files on your computer and holds them for ransom. With everything locked, you’ll only have access to a text document that asks you to download a browser and pay a ransom to restore your files. Typically, the files aren’t restored after the ransom is paid, as the criminals continue to extort your data.


Fortinet identified the new strain as a “critical” threat, and it’s easy to see why. Trickbot was mostly dismantled by Microsoft and the Pentagon prior to the 2020 U.S. election.

Citing fears of interference, Microsoft was able to eliminate about 94% of Trickbot’s critical infrastructure, largely taking the botnet offline. It didn’t get rid of everything, though, and recent reports show that the group has been quick to rebuild.

How to keep yourself safe


Trickbot doesn’t exploit a single vulnerability, so the only way to keep yourself safe is to follow good cybersecurity practices. The most important thing is to regularly update your operating system. Windows updates patch security vulnerabilities and update the list of known threats. If you’re staying on top of Windows updates, you’ll be protected from new threats as soon as security researchers identify them and a fix ships.

It’s important to be careful with your email inbox, too. As mentioned, Trickbot is able to spread through malicious links in emails. Usually citing some small crime, the email will ask you to click on a link to pay a fine or to provide proof you didn’t commit the crime. After you click the link, the software is able to infect your machine and potentially spread through your network to other machines.

Although most phishing emails accuse users of committing a crime, that’s not all you have to look out for. We recommend avoiding links from email addresses you don’t recognize altogether. Once you click, there’s no turning back.

If you’re still worried, you can also invest in or at least set up an antivirus program. Windows Defender, which is included for free with Windows, will protect you from most threats. Windows also includes ransomware protection. However, services like Bitdefender and Avira employ behavioral detection systems to identify new forms of malware based on how they act on your machine.
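As an added example that is not from the article, the PowerShell below audits the Windows Defender settings mentioned above (real-time protection, signature freshness, the built-in ransomware protection called Controlled Folder Access, and tamper protection) and turns Controlled Folder Access on if it is off. It assumes a Windows 10/11 machine with the Defender PowerShell module and an elevated prompt.

```powershell
# Added example (not from the article): audit the Defender protections the
# article recommends and fix the one that can be changed from the command line.
# Run from an elevated PowerShell prompt on Windows 10/11.
$status = Get-MpComputerStatus
$prefs  = Get-MpPreference

# Real-time protection is what "protects you from most threats".
if (-not $status.RealTimeProtectionEnabled) {
    Write-Warning "Real-time protection is OFF; turn it on in Windows Security."
} else {
    "Real-time protection: on"
}

# Stale signatures weaken detection; refresh them if older than a day.
$sigAge = (Get-Date) - $status.AntivirusSignatureLastUpdated
if ($sigAge.TotalDays -gt 1) {
    Write-Warning ("Defender signatures are {0:N0} days old; updating." -f $sigAge.TotalDays)
    Update-MpSignature
} else {
    "Signatures: updated within the last day"
}

# Controlled Folder Access is the ransomware protection built into Windows.
# Values: 0 = Disabled, 1 = Enabled (blocks untrusted apps), 2 = AuditMode.
switch ([int]$prefs.EnableControlledFolderAccess) {
    1 { "Controlled Folder Access: enabled" }
    2 { Write-Warning "Controlled Folder Access is in audit mode only (logs, does not block)." }
    default {
        Write-Warning "Controlled Folder Access is disabled; enabling it."
        Set-MpPreference -EnableControlledFolderAccess Enabled
    }
}

# Tamper protection stops malware from silently switching Defender off.
# It cannot be set from PowerShell, so only report it.
if (-not $status.IsTamperProtected) {
    Write-Warning "Tamper Protection is OFF; enable it under Virus & threat protection settings."
} else {
    "Tamper Protection: on"
}

# Most recent installed Windows update, as a quick check that patching is current.
$lastPatch = Get-HotFix | Sort-Object InstalledOn -Descending | Select-Object -First 1
"Most recent Windows update: $($lastPatch.HotFixID) installed $($lastPatch.InstalledOn)"
```

Controlled Folder Access may block legitimate programs from writing to protected folders; review its events in Windows Security before leaving it in block mode on a machine others depend on.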

Jacob Roach
Lead Reporter, PC Hardware
Jacob Roach is the lead reporter for PC hardware at Digital Trends. In addition to covering the latest PC components, from…