The Trickbot malware can be used to steal sensitive information, such as financial data and login credentials, and the botnet can be used to infect systems with ransomware. Just this September, the botnet was used against healthcare provider Universal Health Services in an attack that locked up its network with a ransomware called Ryuk.
The Post’s report suggests that CyberCom’ actions are part of its efforts to protect the 2020 Presidential Election against foreign interference. Gen. Paul Nakasone, head of CyberCom, told The Post in a statement back in August:
“Right now, my top priority is for a safe, secure, and legitimate 2020 election The Department of Defense, and Cyber Command specifically, are supporting a broader ‘whole-of-government’ approach to secure our elections.”
That said, the group didn’t cause permanent harm to the botnet’s operations. Krebs says Trickbot operators have already started rebuilding the botnet. Hold Security’s Alex Holden also told the expert that “their ransomware operations are pretty much back in full swing” and that they’re even looking to demand more money from victims to recoup their losses.