Trickbot: US and UK announce sanctions against 7 Russian cybercriminals

Rick Steves

The United States and the United Kingdom have identified seven individuals as members of the Russia-based cybercrime gang Trickbot, in an attempt to disrupt Russian cybercrime and ransomware.

In Russia, cybercriminals like Trickbot freely perpetrate malicious cyber activities against the U.S., the U.K., and allies and partners, targeting critical infrastructure, including hospitals and medical facilities during a global pandemic, according to the announcement.

Last month, Treasury’s Financial Crimes Enforcement Network (FinCEN) identified a Russia-based virtual currency exchange, Bitzlato Limited, as a “primary money laundering concern” in connection with Russian illicit finance.

In early February, ION Cleared Derivatives fell victim to the Russia-based ransomware gang LockBit. The hack forced several European and U.S. banks to revert to manual processes. The firm had until 6 February to pay the ransom, which was allegedly paid, according to the gang, which said it provided a decryption key to ION.

The 2021 Sanctions Review found that sanctions are most effective when coordinated with international partners and highlights the deepened partnership between OFAC and the UK’s Office of Financial Sanctions Implementation.

“Cyber criminals, particularly those based in Russia, seek to attack critical infrastructure, target U.S. businesses, and exploit the international financial system. The United States is taking action today in partnership with the United Kingdom because international cooperation is key to addressing Russian cybercrime”, said Under Secretary Brian E. Nelson.

Who is Trickbot?

Trickbot, first identified in 2016 by security researchers, was a trojan virus that evolved from the Dyre trojan. Dyre was an online banking trojan operated by individuals based in Moscow, Russia, that began targeting non-Russian businesses and entities in mid-2014.

Dyre and Trickbot were developed and operated by a group of cybercriminals to steal financial data. The Trickbot trojan viruses infected millions of victim computers worldwide, including those of U.S. businesses and individual victims.

It has since evolved into a highly modular malware suite that provides the Trickbot Group with the ability to conduct a variety of illegal cyber activities, including ransomware attacks.

During the height of the COVID-19 pandemic in 2020, Trickbot targeted hospitals and healthcare centers, launching a wave of ransomware attacks against hospitals across the United States.

In one of these attacks, the Trickbot Group deployed ransomware against three Minnesota medical facilities, disrupting their computer networks and telephones, and causing a diversion of ambulances. Members of the Trickbot Group publicly gloated over the ease of targeting the medical facilities and the speed with which the ransoms were paid to the group.

Whoever engages with them could also be sanctioned

Current members of the Trickbot Group are associated with Russian Intelligence Services, said the official announcement, adding they are aligned with Russian state objectives.

The US and UK authorities point to Vitaly Kovalev as a senior figure within the Trickbot Group and are charging him with conspiracy to commit bank fraud and eight counts of bank fraud in connection with a series of intrusions into victim bank accounts held at various U.S.-based financial institutions that occurred in 2009 and 2010, predating his involvement in Dyre or the Trickbot Group.

Other individuals related to the Trickbot Group include Maksim Mikhailov, Valentin Karyagin, Mikhail Iskritskiy, Dmitry Pleshevskiy, Ivan Vakhromeyev, and Valery Sedletski.

As a result of today’s action, all property and interests in property of the individuals that are in the United States or in the possession or control of U.S. persons must be blocked and reported to OFAC.

OFAC’s regulations generally prohibit all dealings by U.S. persons or within the United States (including transactions transiting the United States) that involve any property or interests in property of blocked or designated persons.

In addition, persons that engage in certain transactions with the individuals designated today may themselves be exposed to designation. Furthermore, any foreign financial institution that knowingly facilitates a significant transaction or provides significant financial services for any of the individuals or entities designated today could be subject to U.S. correspondent or payable-through account sanctions.
