Microsoft, Fortra, and others allied to obtain a court order to disrupt cracked copies of software used in ransomware attacks.

Health-ISAC quote:

The court order enables Microsoft and its partners to sever the connection between cybercriminals and infected computers, according to Bob Erdman, associate vice president, research and development at Fortra. “The recent court order will allow Microsoft to take ownership of IP addresses and domains associated with command-and-control servers used by cracked copies of Cobalt Strike and essentially will release the infected systems from control of the cybercriminals,” Errol Weiss, chief security officer of Health-ISAC, elaborates.

This disruption won’t halt cybercriminal operations, but it will put a strain on their resources. There are significant costs to them when faced with disruption efforts like this. “Anything we can do to slow them down or create distrust amongst the cybercriminal network is a good thing,” Weiss explains

April 14


Microsoft’s Digital Crimes Unit (DCU), cybersecurity software company Fortra, and non-profit Health Information Sharing and Analysis Center (Health-ISAC) joined forces to obtain a court order to stop cybercriminals from using Fortra and Microsoft software to facilitate malware attacks.

This court order is not the first time Microsoft has sought legal action against threat actors. In 2021, a federal court in Virginia enabled the DCU to seize websites being leveraged by China-based hacking group Nickel. “These court orders disrupt current activity and can provide some relief until these cybercriminals pivot their tactics and infrastructure,” says Paige Peterson Sconzo, director of healthcare services with Redacted, a cybersecurity services company.

Read full article in InformationWeek here:

Translate »