On Thursday, the United States, for the first time, together with the United Kingdom, imposed sanctions against Trickbot, a criminal group of hackers based in Russia which used ransomware to demand ransoms from companies around the world and attacked hospitals, schools and other institutions. during the global COVID-19 pandemic. .
This is reported in Press release from the Ministry of Finance .
The document points out that “Russia is a haven for cybercriminals, where groups like Trickbot freely carry out malicious activities in cyberspace against the United States, the United Kingdom, their allies and partners.”
The Ministry of Finance described the Trickbot group as “a well-known cyber group in Russia” and explained that “current hackers of this group are associated with Russian special services”. The document notes that “the Trickbot group’s actions in 2020 coincided with Russian intelligence objectives and included attacks on US government servers and US companies.”
6 Russians, members of the cyber group Trickbot, fell under the sanctions:
Vitaly Kovalev, who held a leadership position in this cybergroup and is also known by the pseudonyms “Bentley” and “Ben”;
Valentin Karyagin, known under the pseudonym “Globe”;
Mikhail Iskritsky, known as “Path”;
Dmitry Pleshevsky, known under the pseudonym “Izeldor”;
Ivan Vakhromeev, known under the pseudonym “Mushroom”;
Valery Sedletsky, known as “Strix”;
as well as Maxim Mikhailov, known under the pseudonym “Baguet” and who has a passport from Ukraine.
Trickbot, a Trojan horse virus first identified by security experts in 2016, was based on Dyre, a ransomware designed to steal financial data from online banking services. It was controlled by pirates from Moscow. In mid-2014 they started attacking businesses and organizations outside of Russia.
Trickbot has infected millions of computers worldwide, including those of American businesses and individuals. It has since evolved into a modular malware suite that gives the Trickbot group the ability to carry out various illegal activities, including ransomware attacks. During the height of the COVID-19 pandemic in 2020, Trickbot attacked hospitals and medical centers, launching a wave of ransomware attacks against hospitals across the United States.
In one such attack, the Trickbot group hacked into the computer networks of 3 medical facilities in Minnesota, disrupting their computer networks and phones. This prevented ambulances from responding to urgent calls.
Members of the Trickbot cybergroup have publicly gloated at the ease with which medical facilities were attacked and the speed with which ransoms were paid to them.
Secretary of State Anthony Blinken, in a statement on Thursday’s sanctions against Russian hackers, said “the United States will continue to work with the United Kingdom and other international partners to expose and stop cybercrime. from Russia”.
The UK Foreign Office reported 149 victims of cyberattacks of which, with the help of Conti and Ryuk ransomware, cybercriminals seized around 27 million pounds ($32.85 million).
UK Foreign Secretary James Cleverley said Thursday’s sanctions send “a clear signal to all cybercriminals who use ransomware that they will be held accountable”.