The United States and the United Kingdom on Thursday announced sanctions against more alleged members of the Russian cybercrime group named Trickbot.
Earlier this year, the two countries sanctioned seven Russians for their alleged role in the Trickbot operation, and they have now announced sanctions against 11 additional individuals.
The latest sanctions target Andrey Zhuykov, described as a central actor and senior administrator; Maksim Galochkin, who led Trickbot testers; Maksim Rudenskiy, team lead for coders; Mikhail Tsarev, HR and finance manager; Dmitry Putilin, responsible for acquiring Trickbot infrastructure; Maksim Khaliullin, HR manager; Mikhail Chernov, in charge of internal utilities; Alexander Mozhaev, responsible for general administrative tasks; and coders Sergey Loguntsov, Vadym Valiakhmetov and Artem Kurov.
As a result of sanctions, these individuals can have their assets frozen, and entities in the US and UK are banned from doing business with them, which can also have an impact on ransomware payments.
In tandem with the sanctions, the US government announced charges against nine individuals over the development of the Trickbot malware, including seven of the newly sanctioned people and two of those targeted in the previous round of sanctions.
In addition, four of the individuals were indicted for their role in Conti ransomware attacks, each of them facing up to 25 years in prison.
While it may be difficult for the US to apprehend these individuals given its current relations with Russia, there have been cases where Russian cybercriminals ended up being prosecuted in the United States after they traveled outside their country. This includes Trickbot developers.
The cybercrime enterprise behind the Trickbot malware has been around for roughly a decade, targeting millions of computers worldwide as part of financially motivated operations aimed at businesses and individuals, including ransomware attacks and direct targeting of bank accounts.
The US government says the Trickbot group has ties to Russian intelligence services.
Microsoft announced the takedown of Trickbot infrastructure in October 2020, but CISA and the FBI warned a few months later that the malware had still been distributed in attacks.
Earlier this year, the US announced sanctions against 22 individuals and 83 entities that allegedly helped Russia’s war against Ukraine, including its cyber operations.