US, UK take new action against Russia’s ‘Trickbot’ cyber gang

By Raphael Satter and Susan Heavey

WASHINGTON (Reuters) -The United States and Britain have sanctioned additional members of a Russian hacking gang known as Trickbot and U.S. officials have indicted nine people with ties to the group’s malicious software and the Conti ransomware schemes, the U.S. Treasury Department and the British Foreign Office said on Thursday.

The two countries previously imposed sanctions against seven leading members of Trickbot in February, noting the group’s role in targeting hospitals during the COVID-19 pandemic as well as the U.S. government and American companies.

Treasury said Thursday’s action targeted “key actors involved in management and procurement for the Trickbot group,” and cited the gang’s ties to Russian intelligence services. British Foreign Secretary James Cleverly said the move was an attempt to disrupt their business model and strip them of their anonymity.

“We know who they are and what they are doing,” he said in a statement.

While such sanctions tend to be largely symbolic given that Russia is already heavily sanctioned and cybercriminals based there tend to steer clear of the United States or Britain, officials have said they can make it harder for hackers to launder money.

The U.S. Justice Department was also unsealing indictments against nine individuals tied to the gang, British and American officials said.

The Department of Justice did not return a message, but a federal indictment unsealed Wednesday showed that at least four alleged members of the group – Maksim Galochkin, Maksim Rudenskiy, Mikhail Mikhailovich Tsarev and Andrey Yuryevich Zhuikov – were being charged in Tennessee with conspiring to use the Conti strain of ransomware to extort victims into making digital payments.

Reuters could not immediately locate contact information for the men.

Trickbot draws its name from the eponymous suite of malware tools that the gang members use to hack and extort their victims. The rogue program, whose roots stretch back at least a decade, has been used to infect millions of computers worldwide, Treasury said. British officials said the Trickbot gang had extorted at least $180 million from people across the globe.

The Russian Embassy in Washington did not immediately return an email seeking comment on the announcement.

(Reporting by Susan Heavey and Raphael Satter; editing by Doina Chiacu, Alexandra Hudson)

tagreuters.com2023binary_LYNXMPEJ860KY-VIEWIMAGE