Eleven members of the Russian-based Trickbot cybercrime gang were sanctioned by the United States in cooperation with the United Kingdom. The Trickbot group and other cybercriminals have long found refuge in Russia. The Office of Foreign Assets Control (OFAC) of the U.S. Department of the Treasury took today’s action. Indictments against nine people, including seven of the people named today, are being unsealed by the U.S. Department of Justice (DOJ) in connection with the Trickbot malware and Conti ransomware scams.
Targets of the Trickbot organisation, which has ties to Russian intelligence services and has attacked the U.S. Government and U.S. enterprises, including hospitals, include significant players in management and procurement today. The Trickbot organisation attacked numerous American healthcare and critical infrastructure organisations during the COVID-19 epidemic.
Under Secretary of the Treasury Brian E. Nelson declared, “The United States is resolute in our efforts to combat ransomware and address disruptions of our critical infrastructure.” “The United States will continue to use our collective tools and authorities to target these malicious cyber activities in close coordination with our British partners.”
Administrators, managers, developers, and programmers who have substantially aided the Trickbot organisation in its operations are the targets chosen today. This designation follows the first joint U.S.-UK cyberdesignation of multiple Trickbot group members in February 2023, the first under the UK’s new cyber authority, and is a part of ongoing U.S. and UK cooperation efforts to combat Russian cybercrime and ransomware. Treasury worked closely with UK partners such His Majesty’s Treasury, the Foreign, Commonwealth, and Development Office, and the National Crime Agency. The United States and the United Kingdom have vowed to continue pursuing ransomware operators and dealing with Russian cybercrime with today’s move.
Security experts initially discovered the trojan malware Trickbot in 2016, which was an evolution of the Dyre trojan. The Dyre online banking Trojan was run by individuals located in Moscow, and it started attacking non-Russian companies and organisations in the middle of 2014. A group of fraudsters created and ran the programmes Dyre and Trickbot to steal financial information from targets outside of Russia. Worldwide, the Trickbot malware infected millions of victim computers, including American computers.
both companies and individuals. Since then, it has developed into a highly adaptable malware suite that enables the Trickbot group to carry out a range of nefarious online operations, including ransomware. The Trickbot organisation unleashed a wave of ransomware interruptions against hospitals and other healthcare facilities across the United States in 2020, at the height of the COVID-19 pandemic. In one incident, the Trickbot group used ransomware against three medical facilities in Minnesota, causing computer and phone network disruptions as well as an ambulance diversion. Members of the Trickbot group openly gloated over how simple it had been to attack the hospitals and how quickly the ransoms had been paid.
There is a connection between Trickbot gang members and Russian intelligence agencies. In 2020, the Trickbot gang made preparations that were in line with Russian state goals and activities carried out by the Russian intelligence services. Targets included the American government and American businesses.
All property and interests in property of the individuals that are in the United States or in the possession or control of American citizens must be blocked and reported to OFAC as a result of today’s order. The rules of OFAC typically forbid any transactions involving any property or interests in property of blocked or designated individuals by U.S. persons or within the United States (including transactions transiting the United States).
Additionally, any who conduct certain transactions with the people listed today may be subject to designation themselves. Furthermore, U.S. correspondent or payable-through account sanctions may be imposed on any foreign financial institution that knowingly facilitates a large transaction or renders significant financial services for any of the people or entities listed today.
The legitimacy and authority of OFAC sanctions come from both its capacity to add people to the Specially Designated Nationals and Blocked Persons (SDN) List and its willingness to do so in a manner that is legal. The main objective of sanctions is to influence behaviour in a good way rather than to punish. Please visit OFAC’s Frequently Asked Question 897 for details on how to request removal from an OFAC list, including the SDN List. For thorough details on how to make a request to be taken off an OFAC sanctions list,