Members of cybercrime group Trickbot, which favors deploying ransomware on critical infrastructure, were handed sanctions in the first-of-its-kind collaboration between U.S. and U.K. agencies.
U.S. federal agencies have teamed up with their counterparts in the United Kingdom to defend the digital networks of both nations’ critical infrastructure from Russia-linked cybercriminals.
Announced by the U.S. Department of State and Department of Treasury, both countries have issued sanctions against seven members of the Russia-based cybercrime organization Trickbot. While the U.S. Treasury has overseen sanctions on Russian industries before, these are the first sanctions of their kind from the U.K. government.
“Cyber criminals, particularly those based in Russia, seek to attack critical infrastructure, target U.S. businesses, and exploit the international financial system,” said Treasury Under Secretary Brian Nelson. “The United States is taking action today in partnership with the United Kingdom because international cooperation is key to addressing Russian cybercrime.”
Treasury’s Office of Foreign Assets Control worked in tandem with the U.K.’s Foreign, Commonwealth and Development Office, the National Crime Agency and His Majesty’s Treasury to disrupt Russian cybercrime and ransomware by applying the new sanctions.
Trickbot was initially identified in 2016 as a trojan virus stemming from the Dyre trojan virus. Both viruses target financial data, and began attacking non-Russian entities in mid-2014. At the onset of the COVID-19 pandemic, Trickbot began targeting U.S. critical networks more heavily, particularly attacking hospitals and healthcare centers with ransomware assaults.
One example Treasury cites involved Trickbot hackers deploying the virus on a Minnesota medical facility system, causing outages and connectivity interruptions between computer networks, phone systems and ambulance coordination.
Treasury noted that members of Trickbot “publicly gloated” over how easy it is to deploy successful ransomware attacks on medical facilities’ digital systems.
Identified members of Trickbot have been associated with Russian Intelligence Services. Some noted members include Vitaly Kovalev, Maksim Mikhaillov, Valentin Karyagin and Dmitry Pleshevskiy, among others.
The sanctions intend to freeze U.S.-based assets and property of Trickbot members, and prohibits any involvement between members and U.S. citizens. This particularly applies to financial activity and transactions between U.S. entities and Trickbot members.
“The ultimate goal of sanctions is not to punish but to bring about a positive change in behavior,” the Treasury news release noted.