Microsoft: We've just disrupted this ransomware-spreading botnet

Microsoft has carried out another legal-technical takedown against cyber criminals, this time to dismantle the ZLoader botnet’s infrastructure.

ZLoader malware has infected thousands of organizations, mostly in the US, Canada and India, and is known to have distributed the Conti ransomware.      

Microsoft has now received a court order from the US District Court for the Northern District of Georgia that allowed it to seize 65 domains the ZLoader gang had been using for command and control (C&C) for its botnet built from malware that infected businesses, hospitals, schools, and homes.


Those domains now direct to a Microsoft sinkhole, outside of the control of the ZLoader gang. 

Microsoft also gained control over the domains produced by ZLoader's domain generation algorithm (DGA), which automatically creates new domains for the botnet's C2 so that it can keep operating if the hardcoded domains are taken down.

“Zloader contains a domain generation algorithm (DGA) embedded within the malware that creates additional domains as a fallback or backup communication channel for the botnet. In addition to the hardcoded domains, the court order allows us to take control of an additional 319 currently registered DGA domains. We are

Read More: https://www.zdnet.com/article/microsoft-weve-just-disrupted-this-ransomware-spreading-botnet/#ftag=RSSbaffb68