How ZLoader Malware Was Taken Down

Summary Of The Attack

  • Microsoft's Digital Crimes Unit (DCU) partnered with other security companies to disrupt the botnet that distributes the ZLoader malware.
  • Using threat intelligence, data science, reverse engineering, and cross-industry cooperation, the task force seized control of over 300 domains used by the botnet for command and control.
  • ZLoader began as a banking trojan but has evolved into a malware-as-a-service platform that delivers other payloads, including ransomware.
  • ZLoader has been used to distribute Ryuk ransomware, which is known for targeting healthcare institutions.

What Happened?

On April 13, 2022, Microsoft announced that its Digital Crimes Unit (DCU), in a joint effort with ESET, Black Lotus Labs, Palo Alto Networks, Health-ISAC, and Financial Services-ISAC, had disrupted the botnet distributing the ZLoader trojan.