Trickbot is notorious for helping cybercriminals spread ransomware, and the US is alleging that current members have ties to Russian intelligence services.
The US and UK say they've identified seven members of Trickbot, a cybercriminal gang notorious for spreading malware and ransomware to victims across the globe.
On Thursday, the countries sanctioned seven Russian nationals for allegedly being members of the Trickbot gang. In addition, the US is accusing Trickbot of having ties to Russian intelligence services, citing the gang’s efforts to target the US government and companies.
The sanctions essentially represent an effort to name-and-shame the hackers when Russia has long refused to extradite suspected cybercriminals to the US for trial. The sanctions(Opens in a new window) from the US Treasury offer the Russian nationals' full names, their birth dates, online monikers, and known email addresses.
The sanctions outlaw anyone in the US from conducting business with the seven Russian nationals. In addition, the UK says(Opens in a new window) it’s already frozen assets belonging to the identified Russians and imposed travel bans against them. “By sanctioning these cyber criminals, we are sending a clear signal to them and others involved in ransomware that they will be held to account,” says UK Foreign Secretary James Cleverly.
Trickbot(Opens in a new window) originally emerged in 2016 as a trojan designed to steal banking credentials from computers. The gang behind the malware was able to successfully spread it to over a million devices, thanks to email-based phishing attacks. The developers behind Trickbot then evolved the malicious program to help cybercriminals install other kinds of malware on victim computers. This has included ransomware, which can encrypt entire fleets of computers, shutting down access until the victim pays up in cryptocurrency.
“During the height of the COVID-19 pandemic in 2020, Trickbot targeted hospitals and healthcare centers, launching a wave of ransomware attacks against hospitals across the United States,” the US Treasury Department says. “Members of the Trickbot Group publicly gloated over the ease of targeting the medical facilities and the speed with which the ransoms were paid to the group.”
US cyber authorities also named Trickbot as one of the top malware strains(Opens in a new window) of 2021. "TrickBot malware often enables initial access for Conti ransomware, which was used in nearly 450 global ransomware attacks in the first half of 2021. As of 2020, malicious cyber actors have purchased access to systems compromised by TrickBot malware on multiple occasions to conduct cybercrime operations," the Cybersecurity and Infrastructure Security Agency said last year.
How the US and UK identified the members of Trickbot remain unclear. But federal agents have no doubt been monitoring the group’s activities in an effort to shut them down. The seven Russian nationals sanctioned include Vitaly Kovalev, who the US says was a “senior figure” within the gang.
Other sanctioned individuals Maksim Mikhailov, Valentin Karyagin, Dmitry Pleshevskiy, Ivan Vakhromeyev, and Valery Sedletski, who worked as administrators and managers, or helped develop malware strains for the group. Meanwhile, Mikhail Iskritskiy allegedly focused on money-laundering and fraud projects for Trickbot.
Recommended Comments
There are no comments to display.
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.