
    Trickbot Members Sanctioned for Pandemic-Era Ransomware Hits

    By justmattg | February 11, 2023

    The US and the UK have issued joint sanctions against alleged members of the TrickBot cybercrime gang for their role in cyberattacks against critical infrastructure.

    Trickbot, as malware, began life as a lowly banking Trojan before its authors started adding modules for other forms of malicious activity. It thus evolved into a multifaceted cyber-Swiss Army knife, often used as a first- or second-stage implant that, once ensconced on a victim machine, fetches ransomware or other payloads. The group ultimately grew into acting as a ransomware affiliate for Conti and other groups.

    “During the height of the COVID-19 pandemic in 2020, Trickbot targeted hospitals and healthcare centers, launching a wave of ransomware attacks against hospitals across the United States,” according to an announcement from the US Treasury Department. “In one of these attacks, the Trickbot Group deployed ransomware against three Minnesota medical facilities, disrupting their computer networks and telephones, and causing a diversion of ambulances. Members of the Trickbot group publicly gloated over the ease of targeting the medical facilities and the speed with which the ransoms were paid to the group.”

    The announcement, intriguingly, ties the seven sanctioned people to Russian Intelligence Services, since the 2020 attacks “aligned them to Russian state objectives and targeting previously conducted by Russian Intelligence Services. This included targeting the US government and US companies.” Trickbot has previously been widely considered to be a financially motivated cybercrime gang, Russian-speaking but not Russia-sponsored.

    The sanctioned individuals are:

    • Vitaly Kovalev, aka Bentley or Ben
    • Maksim Mikhailov, aka Baget
    • Valentin Karyagin, aka Globus
    • Mikhail Iskritskiy, aka Tropa
    • Dmitry Pleshevskiy, aka Iseldor
    • Ivan Vakhromeyev, aka Mushroom
    • Valery Sedletski, aka Strix

    The sanctions mean that the government can seize any assets that the individuals may have in the US or UK, and they prevent US- and UK-based organizations and individuals from doing business with them. All seven perps remain at large, presumably under the comforting protection of the Russian state, which continues to look the other way when it comes to cybercriminals residing within its borders.

    “These sanctions are a welcome sight although they may be academic,” Timothy Morris, chief security adviser at Tanium, tells Dark Reading. “What it would, or should do, is make it harder for the seven involved to launder their ill-gotten gains. Also, they will probably be careful with any vacation plans for fear of capture or extradition. It is good to see sanctions and takedowns that have cross-jurisdiction cooperation.”

    As for the gang itself, a law-enforcement takedown in 2020 saw its activity slowly “wither,” according to a report last year from Intel 471, with the malware’s operators instead turning to the Emotet botnet to continue its incursions into businesses.

    “We’ve not seen any Trickbot activity since the Feb. 2022 blog post,” Michael DeBolt, chief intelligence officer at Intel 471, said in an emailed statement. “It is highly likely that Trickbot won’t be seen again. One possible scenario is that the source code may be sold or leaked, and other threat actors could re-use it or fork the source into a new project.”
