Security personnel previously moved to disrupt the same group.
(Bloomberg) — The US and UK have imposed sanctions on seven alleged members of a Russia-based cybercrime gang, the first such joint action from the two countries.
The sanctions target accused members of the TrickBot ransomware group, which officials say developed a virus first identified by researchers in 2016.
Members of the group are allegedly associated with Russian intelligence services and have carried out malicious cyber activities targeting non-Russian victims since 2014, including a wave of ransomware attacks against critical infrastructure, hospitals and medical facilities in the US, UK and elsewhere, according to the US Department of Treasury. Researchers from Microsoft Corp. temporarily disrupted TrickBot hacking tools prior to the 2020 US presidential election amid concern that Russians would somehow try to interfere with US infrastructure.
“Members of the TrickBot group publicly gloated over the ease of targeting the medical facilities and the speed with which the ransoms were paid to the group,” the Department of Treasury said in a statement on Thursday, citing ransomware attacks against three Minnesota medical facilities that disrupted computer networks and telephones, and caused a diversion of ambulances. A statement from the UK government on Thursday said the sanctions effort “marks the start of a campaign of coordinated action against ransomware actors being led by the UK and US.”
An indictment against one of the seven, Vitaly Kovalev, was also unsealed in the US District Court for the District of New Jersey on Thursday. He’s described as a senior member within the TrickBot group and has been charged with bank fraud predating his involvement within the organization. Bloomberg News couldn’t immediately locate a representative for Kovalev to seek comment.
The other six individuals included in the US Treasury Department’s announcement appear to have worked as leading members of the hacking gang. Maksim Mikhailov, Valentin Karyagin and Dmitry Pleshevskiy are accused of handling malicious software, ransomware development and breaching websites. Ivan Vakhromeyev, Mikhail Iskritskiy and Valery Sedletski allegedly handled other administrative tasks, such as laundering money and managing technical servers.
The new US sanctions block any property owned or controlled by any of the seven Russian nationals targeted in Thursday’s actions, and prohibit any transactions within the US or with American entities. The UK sanctions freeze any assets in the UK and impose travel bans. It was not immediately clear whether the seven people targeted have holdings in the US or UK.
(Updated to include additional context in sixth paragraph.)
©2023 Bloomberg L.P.