The Russia-based Trickbot and Conti cybercrime syndicates are facing increased pressure from the United States and the United Kingdom, which have issued fresh sanctions against the groups and outed several top operatives in the gangs.
The sanctions affect 11 people alleged to be involved in Trickbot, the modular initial-access Trojan that often presages ransomware attacks; the sanctions also target nine individuals for their specific involvement with the Conti ransomware group (which broke up last year), with seven of those people also on the Trickbot list. They “include administrators, managers, developers, and coders,” according to a statement on the sanctions from the US Treasury Department.
In the statement, US officials characterized Trickbot as having ties to Russian intelligence services, and noted that Russia has “long been a haven for cybercrime.”
The sanctioned members include management and bookkeeping exec Mikhail Tsarev (aka Mango, Alexander Grachev, Super Misha, Ivanov Mixail, Misha Krutysha, and Nikita Andreevich Tsarev); coding team leader Maksim Rudenskiy; testing lead Maksim Galochkin (aka Bentley, Crypt, and Volhvb); and HR manager Maksim Khaliullin (aka Kagas), among others. They will be banned from having any financial dealings with any US or UK entities.
The move follows a joint US-UK sanctions effort against several Trickbot group members back in February, issued in response to the wave of ransomware disruptions against hospitals and healthcare centers during the height of the COVID-19 pandemic. Trickbot continues to be active, despite an effort to take it down in 2021.