Authorities in the United States and the United Kingdom have imposed sanctions on eleven Russian nationals allegedly linked to the Trickbot malware and Conti ransomware operations.
Furthermore, these individuals are said to have played key roles in managing and procuring for the Trickbot group, which has ties to Russian intelligence services. The Trickbot group is infamous for its involvement in a banking trojan and botnet scheme responsible for stealing over $180 million worldwide.
In addition to the sanctions, the U.S. Department of Justice has unsealed indictments against seven of these individuals.
The sanctioned individuals include Andrey Zhuykov, Maksim Galochkin, Maksim Rudenskiy, Mikhail Tsarev, Dmitry Putilin, Maksim Khaliullin, Sergey Loguntsov, Vadym Valiakhmetov, Artem Kurov, Mikhail Chernov, and Alexander Mozhaev.
All of them are now subject to travel bans and asset freezes, severely restricting their access to the legitimate global financial system. The Trickbot group has been a target of law enforcement for years and is believed to have extorted significant sums from victims worldwide. This includes £27 million ($33 million) from 149 victims in the UK, spanning hospitals, schools, local authorities, and businesses.
Additionally, the sanctions have been described as a continuation of the campaign against international cybercriminals. While many of the names on the list had not been publicly associated with Trickbot, some had previously been identified by security blogger Dario Fadda based on chat logs released in March 2022 by a Twitter account called Trickleaks.
These chat logs, akin to the “Panama Papers” of the ransomware world, helped researchers identify and expose numerous members of the criminal network. The sanctions aim to disrupt the business models of these cybercriminals and make it more difficult for them to target individuals, businesses, and institutions, sending a message that they cannot act with impunity.
