Russia's Trickbot Ransomware Gang Faces US, UK Sanctions

The sanctions froze the US and UK assets of these seven individuals.

This picture taken on November 3, 2016 shows a list of viruses on a screen at the LHS (High Security Laboratory) of the INRIA (National Institute for Research in Computer Science and Automation) in Rennes. A paradise where computer viruses blossom under the watchful eye of scientists, the Laboratory of High Security (LHS-PEC) of Rennes is a small fortress from which emerge the first studies on "ransomwares", those digital brigands which dominate the malware market. DAMIEN MEYER/AFP via Getty Images

Seven Russians have been sanctioned by the US and UK for their roles in the cybercrime organization TrickBot. The gang's software was used to bolster attacks by the Conti and Ryuk ransomware operations.

According to BleepingComputer, the TrickBot group is a criminal organization that has created many families of malware, including the eponymous TrickBot virus as well as BazarBackdoor, Anchor, and BumbleBee.

TrickBot Scheme

Initially, TrickBot was a banking trojan sent out through phishing emails and used to get into users' online bank accounts. The Ryuk/Conti ransomware organization eventually adapted it into malware aimed at gaining initial access to business networks.

The virus' widespread detection by security tools prompted the creation of additional malware families, including BazarBackdoor, Anchor, and BumbleBee, which are capable of more covertly infecting their targets.

The TrickBot group's malware development was eventually taken over by the Conti ransomware gang, who used it to further their own ransomware schemes.

The malware group is responsible for or has been directly involved in a number of high-profile ransomware attacks, such as those against the Health Service Executive in Ireland, multiple hospitals in the US, and the Costa Rican government.

These threat actors, according to the UK, were involved in at least 149 attacks on British citizens and companies, earning at least £27 million ($32 million) in ransom.

It is estimated that £17 million ($20 million) was paid out by 45 victims of the Ryuk virus and £10 million ($12 million) by 104 victims of the Conti malware in the UK.

Sanctioned Individuals

"The United States, in coordination with the United Kingdom, is designating seven individuals who are part of the Russia-based cybercrime gang Trickbot," the US Department of the Treasury announced.

The sanctions were imposed after a vast collection of private communications and other material belonging to members of the hacking groups Conti and TrickBot was exposed.

Unlike the ContiLeaks, which mostly exposed private chats and code, the TrickLeaks exposed the names, online profiles, and personal information of TrickBot members on Twitter.

In response to these data thefts, the Conti gang disbanded, and some of its members went on to launch other ransomware campaigns or join existing ones.

All of the following persons have had their US and UK assets frozen as a consequence of these penalties: Vitaly Kovalev, Maksim Mikhailov, Valentin Karyagin, Mikhail Iskritskiy, Dmitry Pleshevskiy, Ivan Vakhromeyev, and Valery Sedletski.

Furthermore, people and businesses are prevented from communicating with or transacting with these blacklisted individuals. Prohibited activities include paying any ransoms that may be demanded.

The Department of Treasury has issued a warning to anybody doing business with the people identified, saying that they too might be targeted for designation.

Trisha Andrada
Tech Times
ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.