The DOJ claims that Trickbot and Conti malware programmes were utilised by Mikhail Tsarev, Andrey Zhuykov, Maksim Galochkin, Dimitry Putlin, Sergey Loguntsov, Max Mikhaylov, Makism Rudensky, Valentin Karyagin, and Maskim Khaliullin to compromise American computers.
In a statement issued by the Justice Department, Attorney General Merrick Garland said that the defendants were responsible for “one of the most widespread ransomware variants used in cyberattacks across the United States, including attacks on local police departments and emergency medical services.”
According to one indictment unsealed in the Northern District of Ohio, the nine men are accused of installing Trickbot malware on victims’ computers in order to steal their personal information, including passwords and personal identification for things like credit cards and emails, as well as banking credentials. The ransomware was then loaded on the victims’ computers by the hackers after they had infected more devices and used the login information to steal money from their bank accounts, according to the indictment.
Malware known as ransomware threatens to release a victim’s private information or prevent access if a ransom is not paid.
The indictment claims that the accused sent phishing emails to businesses that contained a malicious link or file. It was designed to infect a person’s network when they clicked on it without thinking.
The records state that the men would then demand payment before unlocking the system. Beginning in 2015, the men looked after the software, which the FBI had taken offline last year, according to the DOJ.
According to court filings, the defendants used stolen banking details they obtained by utilising the virus to wire money from a company’s account.
The DOJ statement quoted FBI Director Christopher Wray as saying, “Today’s news demonstrates our continuous commitment to prosecuting the most vile cybercriminals – individuals who have dedicated themselves to causing harm to the American public, our hospitals, schools, and businesses.
“Cybercriminals are aware that we will track them down, relentlessly pursue them, and stop their criminal behaviour using every legal weapon at our disposal. No matter where these criminals try to hide, we will keep imposing costs through combined operations with our federal and international partners, Wray continued.
The indictments against the defendants, according to Garland, demonstrate “that they cannot hide from the United States Department of Justice.”
Many of the accused are under investigation for cybercrimes in Tennessee, California, and Ohio.
According to the Southern District of California indictment, Galochkin, one of the plot’s organisers, used the Trickbot spinoff malware Conti to breach the Scripps Healthcare network. They allegedly harmed more than 900 people’s computers through the Scripps Healthcare breach, according to the indictment. Additionally, the hackers took the data of 150,000 patients, according to Scripps Healthcare.
According to court records, the Scripps Healthcare hack caused a delay in receiving patient information and scheduling checkups.
A federal grand jury in the Middle District of Tennessee produced an indictment accusing Galochkin, Rudenskiy, Tsarev, and Zhuykov with conspiring to use the same Conti ransomware to attack corporations, nonprofit organisations, and governmental entities in the United States for two years, beginning in 2020.
According to the Justice Department, all of the men are thought to be in Russia and do not have American attorneys.
It is unlikely that the guys will ever be brought to prison, but their ability to travel outside of Russia has already been severely restricted, according to Javed Ali, a former senior director for counterterrorism at the National Security Council, who spoke to ABC News.
According to Ali, who is currently an associate professor at the Ford School of Public Policy at the University of Michigan, the recent indictments by the Department of Justice of nine people connected to the Russian-based hacking group Trickbot highlight how the United States continues to use law enforcement investigations and criminal prosecutions as a policy tool to exert pressure and hold criminals accountable for cyberattacks involving ransomware and other methods.