US and UK Sanction 11 TrickBot and Conti Cybercrime Gang Members

Cyber Security Threat Summary:
“The USA and the United Kingdom have sanctioned eleven Russian nationals associated with the TrickBot and Conti ransomware cybercrime operations. The TrickBot malware operation launched in 2015 and focused on stealing banking credentials. However, over time, it developed into a modular malware that provided initial access to corporate networks for other cybercrime operations, such as Ryuk and, later, Conti ransomware operations. After numerous takedown attempts by the U.S. government, the Conti ransomware gang took control of the TrickBot operation and its development, using it to enhance more advanced and stealthy malware, such as BazarBackdoor and Anchor. However, after Russia invaded Ukraine, a Ukrainian researcher leaked Conti ransomware gang's internal communications in what is known as the Conti Leaks. Soon after, another unknown individual, under the moniker TrickLeaks, started to leak information about the TrickBot operation, further illustrating the ties between the two groups. Ultimately, these leaks led to the shutdown of the Conti ransomware operation, which has now splintered into numerous other ransomware operations, such as Royal, Black Basta, and ZEON” (Bleeping Computer, 2023).

Security Officer Comments:
The eleven individuals are Andrey Zhuykov, Maksim Galochkin, Maksim Rudenskiy, Mikhail Tsarev, Dmitry Putilin, Maksim Khaliullin, Sergey Loguntsov, Vadym Valiakhmetov, Artem Kurov, Mikhail Chernov, and Alexander Mozhaev. These individuals have participated in cybercrime activities that have led to the theft of 180 million dollars worldwide and at least £27m from 149 UK victims, targeting hospitals, schools, local authorities, and businesses. Some of the members appear to be closely associated with Russian intelligence services, with their activities aligning with the interests of the Russian government. Under the latest sanctions, all organizations in the United Kingdom and the USA are prohibited from conducting financial transactions with these individuals. As such, this may put a halt to the actors’ operations, as it will be difficult for them to collect ransom payments from victims.