Recently, the United States and the United Kingdom charged 11 members of the notorious TrickBot/Conti cyber gang. They were charged over the Scripps Health ransomware attack.
US Indictment on TrickBot/Conti Ransomware Members
A federal grand jury in the Southern District of California indicted Maksim Galochkin. This Russian national had a major role in infiltrating Scripps Health in May 2021. The court accused him, along with his confederates, of carrying out 900 attacks globally utilising Conti ransomware, including the attack on Scripps Health.
In the Northern District of Ohio, the federal jury charged Galochkin with using TrickBot malware to pilfer funds and confidential information from enterprises and financial institutions in the US since 2015. Also indicted were Andrey Yuryevich Zhuykov, Max Mikhaylov, Maksim Khaliullin, Dmitry Putilin, Valentin Karyagin, Mikhail Mikhailovich Tsarev, and Sergey Loguntsov.
The Middle District of Tennessee federal grand jury likewise charged Galochkin with using Conti ransomware to target US businesses, non-profits, and governments from 2020 until June 2022, during the disbandment of the Conti operation.
Moreover, Galochkin was among the 11 cyberhackers recently sanctioned by the U.S. Department of Justice, the Department of the Treasury’s Office of Foreign Assets Control (OFAC) and the UK for his involvement in the TrickBot cybercrime gang.
TrickBot was initially identified in 2016 and began life as a banking Trojan. This malware evolved from the Dyre Trojan, which attacked and stole money from non-Russian businesses. The spyware’s progression and new capabilities enabled the TrickBot gang members to carry out several malicious activities, such as ransomware attacks.
UK’s Indictment on the Cybercrime Members
The UK’s National Crime Agency said the cybercrime gang members demanded $180 million from victims worldwide. That includes $33.7 million (£27 million) from 149 UK victims. The gang attacked businesses, local authorities, schools, and hospitals.
According to UK authorities, penalising the cybercrime groups’ members challenges their ability to profit from their illegal activities. This makes it difficult for them to target US and UK organisations. All accused perpetrators are Russian nationals, and it’s implausible that they will be extradited from Russia to the US during the conflict between Russia and Ukraine.
The West implicates Russia as a hub for cybercrime gangs exploiting Western businesses, infrastructure, and government agencies, sometimes with the Kremlin’s permission.
“With Conti being closely affiliated with the Russian government, it’s highly unlikely they will be forced out of the country to be tried in court in the US or UK. The attackers will likely be able to continue with their lives as normal in Russia, but the public naming does demonstrate to the attackers that the UK and US governments got deep into their infrastructure and were able to work out their identities,” said Mike Newman, CEO of My1Login.
He also cautioned that while TrickBot and Conti may be affected, other cybercrime gangs would keep causing disorder.