View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
February 10, 2023

TrickBot ransomware gang members sanctioned by UK and US

The international campaign has also targeted notorious ransomware gangs Ryuk, Conti and Wizard Spider.

By Claudia Glover

Seven cybercriminals belonging to notorious malware empire TrickBot have been hit with sanctions by the US and the UK in a coordinated anti-cybercrime campaign. The operation also targets Ransomware-as-a-Service gangs including Conti and Ryuk, which are said to have extorted £27m from 149 UK companies.

NCA leads campaign against international cybercrime. (Photo by William Barton/Shutterstock)

The National Crime Agency (NCA) has sanctioned seven Russian nationals who are accused of being members of TrickBot. The campaign was led by the NCA, the US Department of the Treasury’s Office of Foreign Assets Control (OFAC), the UK’s Foreign Commonwealth and Development Office (FCDO), and officials from the Treasury, with the aim of disrupting Russian hackers.

Seven TrickBot members sanctioned by the NCA

The NCA says the campaign is ongoing and will continue to pursue all investigative lines of enquiry to disrupt the ransomware threat to the UK in collaboration with its international partners.

It has targeted TrickBot, as well as notorious ransomware gangs Conti, Ryuk and Wizard Spider, also known as Darkside, the gang who implemented the now famous attack on the US Colonial Pipeline, which led to US President Joe Biden delaring a state of national emergency.

Conti and Ryuk have been actively targeting UK organisations, infiltrating 149 businesses to rob them of a combined £27m, the NCA said. The groups were responsible for attacks on schools, businesses and local authorities, and globally Conti is said to have stolen $180m in 2021 alone.

TrickBot originated as a banking trojan, but is not considered to be a modular malware enterprise, associated with follow-on ransomware infections. But its empire now includes numerous plug-in modules, crypto-mining and persistence capabilities. In 2020 the US cyber command acted to blunt TrickBot’s reach in a bid to protect the US election infrastructure, according to a report by the Centre for International Security.

The names of the criminals affected by the sanctions are Vitaliy Kovalev, Valery Sedletski, Valentin Karyagin, Maksim Mikhailov, Dmitry Pleshevsky, Mikhail Iskritskiy and Ivan Vakhromeyev. They will be stopped from accessing financial services around the world.

Content from our partners
Rethinking cloud: challenging assumptions, learning lessons
DTX Manchester welcomes leading tech talent from across the region and beyond
The hidden complexities of deploying AI in your business

The sanctions are “the first of their kind for the UK” according to Graeme Biggar, director general of the National Crime Agency. “They signal the continuing campaign targeting those responsible for some of the most sophisticated and damaging ransomware that has impacted the UK and our allies,” Biggar said. “They show that these criminals and those that support them are not immune to UK action, and this is just one tool we will use to crack down on this threat and protect the public,” he said.

Security Minister Tom Tugendhat added: “We’re targeting cyber criminals who have been involved in some of the most prolific and damaging forms of ransomware. Ransomware criminals have hit hospitals and schools, hurt many and disrupted lives, at great expense to the taxpayer.

“Cyber crime knows no boundaries and threatens our national security. These sanctions identify and expose those responsible.”

Read more: Is Emotet gone for good?

Topics in this article :
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.