{"id":46211,"date":"2022-04-14T15:58:55","date_gmt":"2022-04-14T15:58:55","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/33328\/Microsoft-Disrupts-Ransomware-Spreading-Botnet.html"},"modified":"2022-04-14T15:58:55","modified_gmt":"2022-04-14T15:58:55","slug":"microsoft-disrupts-ransomware-spreading-botnet","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/microsoft-disrupts-ransomware-spreading-botnet\/","title":{"rendered":"Microsoft Disrupts Ransomware Spreading Botnet"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/www.zdnet.com\/a\/img\/resize\/4ccdc435bf68f5f679e7e7cb04f4c06efd7bb3bc\/2021\/09\/16\/c22aaa4d-4315-43d3-ba0a-f368b6073e2a\/shutterstock-1177798309.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp\" class=\"ff-og-image-inserted\"><\/div>\n<p>Microsoft has carried out another legal-technical takedown against cyber criminals, this time to dismantle the ZLoader botnet&#8217;s infrastructure.<\/p>\n<p>ZLoader malware has infected thousands of organizations, <a href=\"https:\/\/www.zdnet.com\/article\/malsmoke-hackers-now-abuse-microsoft-e-signature-verification-tool-in-cyberattacks\/\">mostly in the US, Canada and India<\/a>, and is <a href=\"https:\/\/www.zdnet.com\/article\/this-ransomware-dropping-malware-has-swapped-phishing-for-a-sneaky-new-attack-route\/\">known to have distributed the Conti ransomware<\/a>. &nbsp; &nbsp; &nbsp;<\/p>\n<p>Microsoft has now received a court order from the US District Court for the Northern District of Georgia that allowed it to seize 65 domains the ZLoader gang had been using for command and control (C&amp;C) for its botnet built from malware that infected businesses, hospitals, schools, and homes.<\/p>\n<p><strong>SEE: <a href=\"https:\/\/www.zdnet.com\/article\/clueless-hackers-spent-months-inside-a-network-and-nobody-noticed-then-a-ransomware-gang-took-over\/\" target=\"_blank\" rel=\"noopener\">Clueless hackers spent months inside a network and nobody noticed. But then a ransomware gang turned up<\/a><\/strong><\/p>\n<p>Those domains now direct to a Microsoft sinkhole, outside of the control of the ZLoader gang.&nbsp;<\/p>\n<p>Microsoft also gained control over the domains ZLoader used for its domain generation algorithm (DGA), which are used to automatically create new domains for the botnet&#8217;s C2.<\/p>\n<p>&#8220;Zloader contains a domain generation algorithm (DGA) embedded within the malware that creates additional domains as a fallback or backup communication channel for the botnet. In addition to the hardcoded domains, the court order allows us to take control of an additional 319 currently registered DGA domains. We are also working to block the future registration of DGA domains,&#8221; <a href=\"https:\/\/blogs.microsoft.com\/on-the-issues\/2022\/04\/13\/zloader-botnet-disrupted-malware-ukraine\/\" target=\"_blank\" rel=\"noopener noreferrer\" data-component=\"externalLink\">said Amy Hogan-Burney, general manager of Microsoft&#8217;s Digital Crimes Unit<\/a>.&nbsp;<\/p>\n<p>Microsoft led the action against ZLoader in partnership with researchers from <a href=\"https:\/\/www.welivesecurity.com\/2022\/04\/13\/eset-takes-part-global-operation-disrupt-zloader-botnets\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">ESET<\/a>, <a href=\"https:\/\/waggeneredstrom-my.sharepoint.com\/personal\/bgluckman_we-worldwide_com\/Documents\/Documents\/DCU\/ZLoader\/https\/www.lumen.com\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">Lumen<\/a>&#8216;s <a href=\"https:\/\/www.lumen.com\/en-us\/security\/black-lotus-labs.html\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">Black Lotus Labs<\/a>, and <a href=\"https:\/\/unit42.paloaltonetworks.com\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">Palo Alto Networks Unit 42<\/a>. Avast also assisted in Microsoft&#8217;s DCU European investigation. According to ESET, Zloader had about 14,000 unique samples and more than 1,300 unique C&amp;C servers.<\/p>\n<p>Microsoft acknowledges ZLoader is not finished and is also working with ISPs to identify and remediate infections on infected systems. It&#8217;s also referred the case to law enforcement.&nbsp;<\/p>\n<p>Microsoft in 2020 <a href=\"https:\/\/www.zdnet.com\/article\/trickbot-botnet-survives-takedown-attempt-but-microsoft-sets-new-legal-precedent\/\">used a similar legal-technical approach<\/a> to taking down the Trickbot botnet. &nbsp;<\/p>\n<p>Microsoft in its&nbsp;<a href=\"https:\/\/www.microsoft.com\/security\/blog\/2022\/04\/13\/dismantling-zloader-how-malicious-ads-led-to-disabled-security-tools-and-ransomware\/\" target=\"_blank\" rel=\"noopener noreferrer\" data-component=\"externalLink\">technical analysis of ZLoader<\/a> notes that the group used Google Ads to distribute Ryuk ransomware, allowing it to bypass email security and have it appear in the browser instead. Malicious ads and email were its primary delivery mechanisms. Each campaign impersonated known tech brands, including Java, Zoom, TeamViewer, and Discord.&nbsp; &nbsp;<\/p>\n<p>&#8220;The actors would purchase Google Ads for key terms associated with those products, such as &#8220;<em>zoom videoconference<\/em>.&#8221; Users who performed Google searches for those terms during a specific time would be presented with an advertisement that led to the form grabbing malicious domains,&#8221; Microsoft explains.&nbsp;<\/p>\n<p>For email delivery, the group often used Microsoft Office attachments and abused macros to infect machines. The lures to trick victims into opening a document and enable macros included COVID-19 alerts, overdue invoice payments and fake resumes. &nbsp;<\/p>\n<p>It is probably not the end of the story yet, though. &#8220;Our disruption is intended to disable ZLoader&#8217;s infrastructure and make it more difficult for this organized criminal gang to continue their activities. We expect the defendants to make efforts to revive ZLoader&#8217;s operations,&#8221; Microsoft said.<\/p>\n<p> READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/33328\/Microsoft-Disrupts-Ransomware-Spreading-Botnet.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[60],"tags":[9958],"class_list":["post-46211","post","type-post","status-publish","format-standard","hentry","category-packet-storm","tag-headlinemalwaremicrosoftbotnet"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Microsoft Disrupts Ransomware Spreading Botnet 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/microsoft-disrupts-ransomware-spreading-botnet\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Microsoft Disrupts Ransomware Spreading Botnet 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/microsoft-disrupts-ransomware-spreading-botnet\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2022-04-14T15:58:55+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.zdnet.com\/a\/img\/resize\/4ccdc435bf68f5f679e7e7cb04f4c06efd7bb3bc\/2021\/09\/16\/c22aaa4d-4315-43d3-ba0a-f368b6073e2a\/shutterstock-1177798309.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-disrupts-ransomware-spreading-botnet\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-disrupts-ransomware-spreading-botnet\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Microsoft Disrupts Ransomware Spreading Botnet\",\"datePublished\":\"2022-04-14T15:58:55+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-disrupts-ransomware-spreading-botnet\\\/\"},\"wordCount\":515,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-disrupts-ransomware-spreading-botnet\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.zdnet.com\\\/a\\\/img\\\/resize\\\/4ccdc435bf68f5f679e7e7cb04f4c06efd7bb3bc\\\/2021\\\/09\\\/16\\\/c22aaa4d-4315-43d3-ba0a-f368b6073e2a\\\/shutterstock-1177798309.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp\",\"keywords\":[\"headline,malware,microsoft,botnet\"],\"articleSection\":[\"Packet Storm\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-disrupts-ransomware-spreading-botnet\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-disrupts-ransomware-spreading-botnet\\\/\",\"name\":\"Microsoft Disrupts Ransomware Spreading Botnet 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-disrupts-ransomware-spreading-botnet\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-disrupts-ransomware-spreading-botnet\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.zdnet.com\\\/a\\\/img\\\/resize\\\/4ccdc435bf68f5f679e7e7cb04f4c06efd7bb3bc\\\/2021\\\/09\\\/16\\\/c22aaa4d-4315-43d3-ba0a-f368b6073e2a\\\/shutterstock-1177798309.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp\",\"datePublished\":\"2022-04-14T15:58:55+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-disrupts-ransomware-spreading-botnet\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-disrupts-ransomware-spreading-botnet\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-disrupts-ransomware-spreading-botnet\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.zdnet.com\\\/a\\\/img\\\/resize\\\/4ccdc435bf68f5f679e7e7cb04f4c06efd7bb3bc\\\/2021\\\/09\\\/16\\\/c22aaa4d-4315-43d3-ba0a-f368b6073e2a\\\/shutterstock-1177798309.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp\",\"contentUrl\":\"https:\\\/\\\/www.zdnet.com\\\/a\\\/img\\\/resize\\\/4ccdc435bf68f5f679e7e7cb04f4c06efd7bb3bc\\\/2021\\\/09\\\/16\\\/c22aaa4d-4315-43d3-ba0a-f368b6073e2a\\\/shutterstock-1177798309.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-disrupts-ransomware-spreading-botnet\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,malware,microsoft,botnet\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinemalwaremicrosoftbotnet\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Microsoft Disrupts Ransomware Spreading Botnet\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Microsoft Disrupts Ransomware Spreading Botnet 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/microsoft-disrupts-ransomware-spreading-botnet\/","og_locale":"en_US","og_type":"article","og_title":"Microsoft Disrupts Ransomware Spreading Botnet 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/microsoft-disrupts-ransomware-spreading-botnet\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2022-04-14T15:58:55+00:00","og_image":[{"url":"https:\/\/www.zdnet.com\/a\/img\/resize\/4ccdc435bf68f5f679e7e7cb04f4c06efd7bb3bc\/2021\/09\/16\/c22aaa4d-4315-43d3-ba0a-f368b6073e2a\/shutterstock-1177798309.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/microsoft-disrupts-ransomware-spreading-botnet\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/microsoft-disrupts-ransomware-spreading-botnet\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Microsoft Disrupts Ransomware Spreading Botnet","datePublished":"2022-04-14T15:58:55+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/microsoft-disrupts-ransomware-spreading-botnet\/"},"wordCount":515,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/microsoft-disrupts-ransomware-spreading-botnet\/#primaryimage"},"thumbnailUrl":"https:\/\/www.zdnet.com\/a\/img\/resize\/4ccdc435bf68f5f679e7e7cb04f4c06efd7bb3bc\/2021\/09\/16\/c22aaa4d-4315-43d3-ba0a-f368b6073e2a\/shutterstock-1177798309.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp","keywords":["headline,malware,microsoft,botnet"],"articleSection":["Packet Storm"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/microsoft-disrupts-ransomware-spreading-botnet\/","url":"https:\/\/www.threatshub.org\/blog\/microsoft-disrupts-ransomware-spreading-botnet\/","name":"Microsoft Disrupts Ransomware Spreading Botnet 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/microsoft-disrupts-ransomware-spreading-botnet\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/microsoft-disrupts-ransomware-spreading-botnet\/#primaryimage"},"thumbnailUrl":"https:\/\/www.zdnet.com\/a\/img\/resize\/4ccdc435bf68f5f679e7e7cb04f4c06efd7bb3bc\/2021\/09\/16\/c22aaa4d-4315-43d3-ba0a-f368b6073e2a\/shutterstock-1177798309.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp","datePublished":"2022-04-14T15:58:55+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/microsoft-disrupts-ransomware-spreading-botnet\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/microsoft-disrupts-ransomware-spreading-botnet\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/microsoft-disrupts-ransomware-spreading-botnet\/#primaryimage","url":"https:\/\/www.zdnet.com\/a\/img\/resize\/4ccdc435bf68f5f679e7e7cb04f4c06efd7bb3bc\/2021\/09\/16\/c22aaa4d-4315-43d3-ba0a-f368b6073e2a\/shutterstock-1177798309.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp","contentUrl":"https:\/\/www.zdnet.com\/a\/img\/resize\/4ccdc435bf68f5f679e7e7cb04f4c06efd7bb3bc\/2021\/09\/16\/c22aaa4d-4315-43d3-ba0a-f368b6073e2a\/shutterstock-1177798309.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/microsoft-disrupts-ransomware-spreading-botnet\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,malware,microsoft,botnet","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinemalwaremicrosoftbotnet\/"},{"@type":"ListItem","position":3,"name":"Microsoft Disrupts Ransomware Spreading Botnet"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/46211","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=46211"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/46211\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=46211"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=46211"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=46211"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}