
ZLoader cybercriminal network, specialized in theft and extortion through ‘ransomware’, dismantled

The Microsoft Digital Crimes Unit (DCU) has dismantled a criminal ‘bot’ network called ZLoader, which used the malware-as-a-service model to steal data and extort money, infecting the computing devices of companies, hospitals, schools and private users.

ZLoader’s main objective was initially financial theft, carried out by stealing login credentials, although over time the cybercriminals began to use the malware-as-a-service model to distribute dangerous ‘ransomware’ such as Ryuk.

With this ‘ransomware’ -a malicious program that encrypts the information on a computer and demands a payment in exchange for its recovery- it targeted the computers of companies, hospitals, schools and private users, as reported in a statement.


Microsoft has obtained a court order from the United States District Court for the Northern District of Georgia, which has allowed it to take control of 65 domains that the ZLoader criminal group used to grow, control and communicate with its ‘bot’ network.

Scope of the ZLoader cybercriminal network dismantled by Microsoft. (Microsoft)

These domains have been redirected to a Microsoft ‘sinkhole’, so that the cybercriminals can no longer use them to carry out their criminal activity.

ZLoader contains a Domain Generation Algorithm (DGA) embedded in the ‘malware’ that generates additional domains as a backup communication channel for the ‘bot’ network, so in addition to the hardcoded domains, Microsoft has been able to take control of another 319 currently registered DGA domains. Work is also underway to block the foreseeable future registration of domains generated by the malicious algorithm.


During the investigation, the company identified one of the people responsible for creating a component used in the ZLoader botnet to distribute ‘ransomware’. This is Denis Malikov, a resident of Simferopol, a city on the Crimean peninsula.

Cybersecurity (Photo: Bill Hinton/Getty Images)

By disclosing his identity, the tech company seeks to “make it clear” that “cybercriminals will not be allowed to hide behind the anonymity of the internet to commit their crimes.”

DCU led the investigation to dismantle the cybercriminal network, with the collaboration of ESET, Black Lotus Labs (Lumen’s threat intelligence unit) and Unit 42 of Palo Alto Networks, which provided data and additional information that helped reinforce the legal action taken by Microsoft. The action was carried out through its partners the Financial Services Information Sharing and Analysis Center (FS-ISAC) and the Health Information Sharing and Analysis Center (H-ISAC).

It was likewise a joint effort with the Microsoft Threat Intelligence Center and the Microsoft Defender team, and also counted on the contribution of Avast, which supported the Microsoft DCU team in Europe.

Source: Elcomercio