US, UK Sanction 11 Russian Cybercriminals Tied to TrickBot
US Prosecutors Unseal Charges Against TrickBot and Conti Ransomware Operators

The United States and Great Britain imposed sanctions against nearly a dozen Russian members of the malware gang behind the TrickBot ransomware dropper, and U.S. federal prosecutors said they had filed criminal indictments against nine individuals for their involvement in online crimes including ransomware.
Today's announcement by authorities on each side of the Atlantic is the second time in months that law enforcement has squeezed the TrickBot gang (see: US and UK Sanction Members of Russian TrickBot Gang).
Nine of its members face criminal prosecution in cases filed in U.S. federal courts in Ohio, Tennessee and California. Seven of the defendants are on today's sanctions list.
TrickBot, which was absorbed in 2021 by the now-defunct Conti ransomware-as-a-service group, has drawn special ire in the United States for its targeting of hospitals during the height of the novel coronavirus pandemic. Conti's operators spun off into multiple groups in May 2022, some of which continue to use TrickBot-derived code. Today's announcement comes just days after an international law enforcement operation led by the FBI dismantled the Qakbot botnet, which was also used as an initial-access vector for ransomware deployed by Conti and other Russian-speaking gangs (see: Operation 'Duck Hunt' Dismantles Qakbot).
British and American authorities say the group cultivated ties to Russian intelligence and received tasking orders from the Kremlin. "We know who they are and what they are doing," said U.K. Foreign Secretary James Cleverly. "By exposing their identities, we are disrupting their business models and making it harder for them to target our people, our businesses and our institutions."
Western officials have long accused Russia of acting as a haven for cybercriminals, making containment an explicit policy goal. "We want to shrink the surface of the Earth that people can conduct malicious cyber activity with impunity," a senior White House official told reporters in March. "If a criminal is restricted to living in Russia and can't leave the borders, then perhaps that might create a bit of a deterrent effect" (see: Western Capitals Riled by Russian Hacking).
The British National Crime Agency assesses that the combined Conti and TrickBot operation extorted at least 27 million pounds from 149 victims in the United Kingdom, including from schools, hospitals and local businesses.
Among those on the sanctions list is a key figure and senior administrator of the group, Andrey Zhukov - also known as "Defender," "Dif," and "Adam."
The roles of other members ranged from malware developer to human resources.
Sanctioned individuals include Maksim Galochkin, aka Bentley; Maksim Rudenskiy, aka Buza; Mikhail Tsarev, aka Mango; Dmitry Putilin, aka Grad; Maksim Khaliullin, aka Kagas; Sergey Logunstov, aka Zulas; Alexander Mozhaev, aka Green; Vadym Valiakhmetov, aka Weldon; Artem Kurov, aka Naned; and Mikhail Chernov, aka Bullet.
Individuals indicted by U.S. federal prosecutors but not on the sanctions list are Max Mikhaylov, aka Baget; and Valentin Karyagin, aka Globus.