Necurs, a cybercriminal network responsible for infecting more than nine million computers globally, is facing disruption on account of coordinated legal and technical steps initiated by Microsoft and its partners across 35 countries, Tom Burt, corporate vice president, customer security and trust at Microsoft, said in a blog post.
On March 5, a local district court in New York issued an order that enabled Microsoft to take control of US-based Necurs users who had been using the network to distribute malware and infect computers, according to the blog published on March 10.
The legal action helped Microsoft and its partners prevent the criminals behind Necurs from registering new domains and executing future attacks.
Necurs was first detected in 2012 by Microsoft’s Digital Crimes Unit, BitSight and other players from the security community.
“Microsoft has since collaborated with law enforcement agencies, the government and Internet Service Providers (ISPs) to rid computers of malware associated with the Necurs botnet,” explained Burt. If left to thrive, Necurs has the potential to affect more than 40.6 million victims across the world, the company said.
The most infamous botnet from Necurs is known as Locky, ransomware that was released in 2016. The ransomware would demand payment of between 0.5 and 1 bitcoin as a ransom. In November 2017, the value of bitcoin stood between $9,000 and $10,000. The criminals possess the private key and control remote servers of the victim, forcing victims to pay to decrypt their files. As of February 2016, Locky was reported to have been sent to about half a million users globally.
In India, the Microsoft Digital Crimes Unit, along with the Computer Emergency Response Team and the National Internet Exchange of India, works towards disrupting cyberattacks with Necurs origins. According to Microsoft, the partnerships have prevented Necurs criminals from registering new domains to execute future attacks in the country.
Burt said that by analyzing a technique used by Necurs through an algorithm, they were able to predict over six million unique domains that Necurs would create over the next 25 months.
“Microsoft reported these domains to their respective registries in countries around the world so the websites can be blocked and thus prevented from becoming part of the Necurs infrastructure,” Burt said.
Burt added that Microsoft would aid in taking control of existing websites and inhibit the ability of the rogue network to register new ones.
The Redmond, Washington-based company also said that it is taking the additional step of partnering with internet service providers to rid computers of Necurs infections.