UK, US Sanction Russian Trickbot Cyber Gang

Published: 08 September 2023

UK-USA Sanctioned Cyber BlogThe U.S. and the U.K. authorities introduced sanctions to Russian cybercrime gang. (Photo: U.K. Government, License)

By Zdravko Ljubas

The United States and the United Kingdom sanctioned 11 members of a Russian cybercrime ring behind the Trickbot/Conti ransomware assaults. These attacks targeted vital infrastructure and hospitals during the COVID-19 outbreak.

The group is believed to be linked to Russian intelligence services and may have extorted at least 27 million pounds (US$33.68 million) from 149 U.K. victims and nearly $800 million from Western healthcare institutions and anyone worldwide opposed to Russia's aggression against Ukraine, the U.K. National Crime Agency (NCA) aid Thursday.

The group was named after the Trojan virus it used to infect victims' computerswith, steal their data, and demand ransoms, as stated in a U.S. Department of the Treasury statement.

During the peak of the COVID-19 epidemic in 2020, the Trickbot gang launched a wave of ransomware attacks against hospitals and other healthcare facilities across the U.S.

"In one instance, the Trickbot group deployed ransomware against three Minnesota medical facilities, disrupting their computer networks and telephones and causing a diversion of ambulances," read the Treasury Department's statement.

Some of the sanctioned individuals were involved in management and procurement, while others were coders, developers, and administrators. They are now subject to asset freezes and travel bans in both the UK and the U.S.

The authorities named the following individuals: Andrey Zhuykov, Maksim Galochkin, Maksim Rudenskiy, Mikhail Tsarev, Dmitry Putilin, Maksim Khaliullin, Sergey Loguntsov, Vadym Valiakhmetov, Artem Kurov, Mikhail Chernov, and Alexander Mozhaev.

"These cybercriminals thrive on anonymity, moving in the shadows of the internet to cause maximum damage and extort money from their victims," said UK Foreign Secretary James Cleverly. The sanctions are meant to remove the veil of anonymity the group required to operate with impunity.

The U.S. Department of Justice unsealed "three indictments in three different federal jurisdictions" against the cybercrime actors.

"The United States is resolute in our efforts to combat ransomware and respond to disruptions of our critical infrastructure," said Under Secretary of the Treasury Brian E. Nelson.

He stressed that the U.S., in close coordination with its British partners, will continue to leverage its "collective tools and authorities to target these malicious cyber activities."