Trickbot members sanctioned for pandemic-era ransomware hits

The US and the UK have issued joint sanctions against alleged members of the TrickBot cybercrime gang for their role in cyberattacks against critical infrastructure.

Trickbot, as a malware, began life as a lowly banking Trojan before its authors started adding modules for other forms of malicious activity. It thus evolved into a multifaceted cyber-Swiss Army knife, often used as a first- or second-stage implant that, once ensconced on a victim machine, fetches ransomware or other payloads. The group ultimately grew into to acting as a ransomware affiliate for Conti and other groups.

“During the height of the COVID-19 pandemic in 2020, Trickbot targeted hospitals and healthcare centers, launching a wave of ransomware attacks against hospitals across the United States,” according to an announcement from the US Treasury Department. “In one of these attacks, the Trickbot Group deployed ransomware against three Minnesota medical facilities, disrupting their computer networks and telephones, and causing a diversion of ambulances. Members of the Trickbot group publicly gloated over the ease of targeting the medical facilities and the speed with which the ransoms were paid to the group.”

The announcement, intriguingly, ties the seven sanctioned people to Russian Intelligence Services, since the 2020 attacks “aligned them to Russian state objectives and targeting previously conducted by Russian Intelligence Services. This included targeting the US government and US companies.” Trickbot has previously been widely considered to be a financially motivated cybercrime gang, Russian-speaking but not Russia-sponsored.

To read the complete article, visit Dark Reading.