Handcuffs and computer keyboard on table showing sanctions for cybercrime gangs

US and UK Authorities Have Sanctioned Conti Ransomware and TrickBot Cybercrime Gangs

The United States and the United Kingdom have sanctioned eleven individuals for their involvement with Conti ransomware and TrickBot cybercrime gangs.

The U.S. Department of Treasury’s Office of Foreign Assets Control (OFAC) and the UK’s Foreign Office targeted the individuals for assisting the cybercrime groups materially as administrators, managers, or software developers.

The U.S. Department of Justice will also unseal indictments against nine suspects, including seven designated individuals, for participating in Conti ransomware and TrickBot operations.

The indictments were part of the U.S. Department of Justice’s efforts to address the cyber threats facing U.S. businesses and government entities.

Conti and TrickBot cybercrime gangs aided Russian cyberespionage

The U.S. Treasury Department accused the individuals of aiding Russian intelligence services in achieving the country’s objectives by targeting the country’s critical infrastructure.

“Today’s targets include key actors involved in management and procurement for the TrickBot group, which has ties to Russian intelligence services and has targeted the U.S. Government and U.S. companies, including hospitals,” the USDT said.

According to the UK’s National Crime Agency (NCA), members of the cybercrime gangs extorted $180 million from victims globally, £27 million ($33.7m) from 149 UK victims, and targeted hospitals, schools, local authorities, and businesses.

The sanctions prevent US and UK entities from transacting with the suspects or risk similar sanctions. Foreign financial institutions that facilitate transactions with the individuals could also be subject to regulatory action by the US and UK governments.

“In addition, persons that engage in certain transactions with the individuals designated today may themselves be exposed to designation,” the U.S. Department of Treasury highlighted.

Additionally, they must block and report any property owned or of interest to the sanctioned individuals.

Subsequently, ransom negotiation firms and victims would face regulatory actions for facilitating or paying the ransom. However, organizations facing “mitigating factors” requiring ransom payment could obtain clearance from the OFAC to proceed.

According to UK authorities, sanctioning the cybercrime groups’ members undermines their ability to monetize their activities, thus making it harder for them to target US and UK organizations.

List of Conti and TrickBot members sanctioned by the US and UK governments

The US and UK authorities have published the names and pseudonyms or monikers used by members of the Conti ransomware and TrickBot cybercrime gangs for easy identification and reporting.

“These cyber criminals thrive off anonymity, moving in the shadows of the internet to cause maximum damage and extort money from their victims,” said Foreign Secretary James Cleverly.

“Our sanctions show they cannot act with impunity. We know who they are and what they are doing.”

All designated individuals are Russian nationals, unlikely to face extradition to the United States by Russia, especially during the ongoing Ukraine conflict.

The West accuses of providing a haven for cybercrime gangs targeting Western businesses, government agencies, and infrastructure, sometimes with the Kremlin’s authorization.

“With Conti being closely affiliated with the Russian government, it’s highly unlikely they will be forced out of the country to be tried in court in the US or UK,” said Mike Newman, CEO of My1Login. “The attackers will likely be able to continue with their lives as normal in Russia, but the public naming does demonstrate to the attackers that the UK and US government got deep into their infrastructure and were able to work out their identities.”

Newman warned that while Conti and TrickBot operations might be impacted, other cybercrime gangs would continue to wreak havoc.

“While Conti may be [a] cybercrime nightmare from the past, other dangerous gangs still exist, so organizations must never let down their guard,” advised Newman.

Meanwhile, the authorities sanctioned Andrey Zhuykov, known by online aliases Dif and Defender, for being the central figure in the TrickBot group operation and a senior administrator.

Maksim Galochkin, known by online pseudonyms Bentley, Crypt, and Volhvb, allegedly “led a group of testers, with responsibilities for development, supervision, and implementation of tests.”

Maksim Rudenskiy is a team lead for TrickBot coders.

Mikhail Tsarev (online monikers Alexander Grachev, Mango, Super Misha, Ivanov Mixail, Misha Krutysha, and Nikita Andreevich Tsarev) was a manager and oversaw the gang’s human resources and finance.

Dmitry Putilin (online monikers Grad and Staff) was responsible for purchasing TrickBot infrastructure.

Maksim Khaliullin (online moniker Kagas) was a TrickBot HR manager and purchased TrickBot Virtual Private Servers.

Sergey Loguntsov worked as a developer for the TrickBot operation.

Vadym Valiakhmetov (online monikers Weldon, Mentos, and Vasm) was a coder for the Trickbot group.

Artem Kurov (online moniker Naned) was a coder with development duties.

Mikhail Chernov (online moniker Bullet) was part of the internal utilities group for the TrickBot operation.

US and UK authorities have sanctioned 11 Russian nationals for their leading roles in the Conti #ransomware and TrickBot #cybercrime gangs. #cybersecurity #respectdataClick to Tweet

Alexander Mozhaev (online monikers Green and Rocco) was responsible for general administrative duties.

In February 2023, the US and UK sanctioned seven members of the TrickBot and Conti ransomware cybercrime gangs and unsealed indictments against them.