Sanctioning Trickbot Cyber Criminals

(FILE) Figures in front of the words "Cyber Attack", binary code and the Russian flag.

The United States and the United Kingdom, sanctioned cyber criminals who have launched a number of ransomware attacks on critical infrastructure.

Your browser doesn’t support HTML5

Sanctioning Trickbot Cyber Criminals

The United States, in coordination with the United Kingdom, sanctioned a group of seven cyber criminals who have launched a number of ransomware attacks on critical infrastructure in both countries. The U.S. Treasury Department’s Office of Foreign Asset Control designated these individuals pursuant to Executive Order 13694, as amended by Executive Order 13757, for their involvement in the Russia-based cybercrime group Trickbot, and activities that pose a significant threat to the national security, foreign policy, or economic health or financial stability of the United States.

Trickbot, first identified in 2016, originally evolved from a trojan virus called Dyre, which targeted online banking of non-Russian entities. Dyre was operated by individuals based in Moscow, Russia. Trickbot later evolved again, into a malware suite with the ability to conduct a variety of illegal cyber activities, including ransomware attacks. It is used by the Russia-based cybercrime gang Trickbot.

Vitaly Kovalev, known online as Bentley or Ben, was a senior figure within the Trickbot Group.

Maksim Mikhailov, or Baget, has been involved in development activity for the Trickbot Group.

Valentin Karyagin, known as Globus, has been involved in the development of ransomware and other malware projects.

Mikhail Iskritskiy’s online alias is Tropa. He has worked on money-laundering and fraud projects for the Trickbot Group.

Dmitry Pleshevskiy, who worked on injecting malicious code into websites to steal victims’ credentials, is also known as Iseldor.

Ivan Vakhromeyev, or Mushroom, has worked for the Trickbot Group as a manager.

Valery Sedletski, known as Strix, was an administrator for the Trickbot Group, and also managed servers.

"Russia is a safe haven for cybercriminals, where groups such as Trickbot freely perpetrate malicious cyber activities against the United States, the United Kingdom, and our allies and partners. These activities have targeted critical infrastructure, including hospitals and medical facilities,” said Secretary of State Antony Blinken in a written statement.

He stressed that “the United States and the United Kingdom are leaders in the global fight against cybercrime and are committed to using all available authorities to defend against cyber threats.”

This action, the first under the UK’s new cyber sanctions authority, “demonstrates our continued commitment to collaborating with partners and allies to address Russia-based cybercrime, and to countering ransomware attacks and their perpetrators,” said Secretary Blinken. “As Russia’s illegal war against Ukraine continues, cooperation with our allies and partners is more critical than ever to protect our national security.”