Microsoft dismantled the ZLoader botnet, naming key members as a deterrent

Microsoft has taken technical and legal measures to damage the activities of cybercriminals using ZLoader as a malicious service.

More interestingly, Microsoft also decided to publicize the identity of one of the criminals who contributed to the ZLoader ransomware distribution function. The person in question is Denis Malikov who lives in Simferopol, Crimea.

Microsoft believes that revealing the identities of cybercriminals serves as a deterrent to the rest. Microsoft wants cybercriminals to know that they can't hide their identities forever, can't hide forever behind digital masks.

Microsoft has also obtained court approval to control 65 domains that the hacker group is using to develop their botnet. The ZLoader botnet typically includes infected computers from hospitals, schools, homes, and businesses around the globe.

Controlled domains will redirect to a Microsoft website so that users are no longer at risk. Zloader contains a domain generation algorithm (DGA) for the purpose of generating additional domains as a backup or backup communication channel for the botnet. Therefore, in addition to the fixed domain names, Microsoft is also allowed to control 319 registered DGA domains. Microsoft is working hard to block future DGA domain name registrations.

Initially, the purpose of ZLoader was to steal money and login information. Now, they also sell malicious code as a service to distribute ransomware like Ryuk.

Microsoft also thanks the coordination and support of other companies such as ESET, Black Lotus Labs, Palo Alto Networks Unit 42, Avast.

Microsoft notes that the takedown will bring ZLoader down for a long time, but they will certainly try to revive the botnet. Microsoft will closely monitor the activities of this gang and take additional preventive measures if necessary.