US, UK Sanction 11 Russian Cybercriminals Tied to TrickBot

US Prosecutors Unseal Charges Against TrickBot and Conti Ransomware Operators

The United States and Great Britain imposed sanctions against nearly a dozen Russian members of the malware gang behind the TrickBot ransomware dropper, and U.S. federal prosecutors said they had filed criminal indictments against nine individuals for their involvement in online crimes including ransomware.

Today's announcement by authorities on each side of the Atlantic is the second time in months that law enforcement has squeezed the TrickBot gang (see: US and UK Sanction Members of Russian TrickBot Gang).

Nine of its members face criminal prosecution in cases filed in U.S. federal courts in Ohio, Tennessee and California. Seven of the defendants are on today's sanctions list.

TrickBot, which was absorbed in 2021 by the now-defunct Conti ransomware-as-a-service group, has drawn special ire in the United States for its targeting of hospitals during the height of the novel coronavirus pandemic. Conti's operators spun off into multiple groups in May 2022, some of which continue to use TrickBot-derived code. Today's announcement comes just days after an international law enforcement operation led by the FBI dismantled the Qakbot botnet, also a vector for ransomware developed by Conti and other Russian-speaking gangs (see: Operation 'Duck Hunt' Dismantles Qakbot).

British and American authorities say the group cultivated ties to Russian intelligence and received tasking orders from the Kremlin. "We know who they are and what they are doing," said U.K. Foreign Secretary James Cleverly. "By exposing their identities, we are disrupting their business models and making it harder for them to target our people, our businesses and our institutions."

Western officials have long accused Russia of acting as a haven for cybercriminals, making containment an explicit policy goal. "We want to shrink the surface of the Earth that people can conduct malicious cyber activity with impunity," a senior White House official told reporters in March. "If a criminal is restricted to living in Russia and can't leave the borders, then perhaps that might create a bit of a deterrent effect" (see: Western Capitals Riled by Russian Hacking).

The British National Crime Agency assesses that the combined Conti and TrickBot operation extorted at least 27 million pounds from 149 victims in the United Kingdom, including from schools, hospitals and local businesses.

Among those on the sanctions list is a key figure and senior administrator of the group, Andrey Zhukov - also known as "Defender," "Dif," and "Adam."

The roles of other members ranged from malware developer to human resources.

Sanctioned individuals include Maksim Galochkin, aka Bentley; Maksim Rudenskiy, aka Buza; Mikhail Tsarev, aka Mango; Dmitry Putilin, aka Grad; Maksim Khaliullin, aka Kagas; Sergey Logunstov, aka Zulas; Alexander Mozhaev, aka Green; Vadym Valiakhmetov, aka Weldon; Artem Kurov, aka Naned; and Mikhail Chernov, aka Bullet.

Individuals indicted by U.S. federal prosecutors but not on the sanctions list are Max Mikhaylov, aka Baget; and Valentin Karyagin, aka Globus.

About the Author

Akshaya Asokan

Senior Correspondent, ISMG

Asokan is a U.K.-based senior correspondent for Information Security Media Group's global news desk. She previously worked with IDG and other publications, reporting on developments in technology, minority rights and education.
