Domain names are sold around the world, a profitable business, but Ms. Hogan-Burney said she had no illusions that the group would be permanently disabled. “We’ve cut off their arms, for a while,” she said.
Necurs is not believed to be a state-sponsored Russian group. But intelligence officials say it is tolerated by the Russian state, and on regular occasions the Kremlin’s intelligence services use private actors to pursue their goals. The Internet Research Agency, which mounted the social media disinformation campaign on Facebook and other platforms during the 2016 American president election, was a private group, though founded by a close friend of President Vladimir V. Putin of Russia.
By Tuesday’s end, there was satisfaction that, for the 18th time in 10 years, Microsoft had taken down a digital criminal operation. But it was unclear whether anyone would be indicted, or even if indicted, whether they would ever face a trial.
Microsoft executives acknowledged that this was a game of whack-a-mole, and that the creators of Necurs and groups like it would be back.
“The cybercriminals are incredibly agile,” said Tom Burt, the executive who leads Microsoft’s security and trust operations, “and they come back more sophisticated, more complex. It is an ultimate cat-and-mouse game.”
The next battlefield, he said, would be the 2020 presidential election.
“We expect the volume and sophistication of the adversary attacks to accelerate as we get closer to Election Day,” he said.
“They will play many of the same moves they used in 2016,” Mr. Burt said. “But they will use others as well,” including the possibility of ransomware that locks up local voter registration systems, a major fear of election officials across the United States.
“The trick this time is to be ready, agile and aware that we have to be one step ahead,” he said.