Microsoft shuts down illegal code-signing operation used by ransomware crims to mask their malware
'Thousands' of US victims, including 12+ machines owned and operated by Redmond
Shut Down covers cybersecurity measures that stop systems, services, or access to contain threats, limit damage, and support safe recovery.
Search across headline titles and summaries.
Background for this topic.
Shutting down is the orderly termination and powering off of a computer, server, or network device; the term can also describe taking a service or system offline. A normal operating-system shutdown closes applications, writes pending data, and stops services, while a forced power-off may leave files or storage in an inconsistent state. Powering down is not the same as securely erasing data or removing an attacker’s persistence.
During incident response, shutting down can halt active malicious processes, but it also destroys volatile evidence such as memory-resident code and may prevent investigators from examining the running system. Teams should generally document the decision and apply appropriate network containment or evidence-collection procedures first, unless immediate isolation is necessary. For routine shutdowns, access controls should restrict who can power systems off, and full-disk encryption remains important because a powered-off device or removed drive may still expose stored data if stolen.
'Thousands' of US victims, including 12+ machines owned and operated by Redmond