The United States and the United Kingdom have sanctioned 11 members of the Russian group Trickbotsome of whom participated in the attacks carried out by the Russian group Accounts. The new sanctions are in addition to those issued against seven other members in the month February. Both groups are no longer active, but members are affiliated with later groups, including Royal and Black Basta.
Blocking of assets and travel
Trickbot it was a banking trojan, therefore used to steal bank account credentials. It later evolved into a modular malware exploited as a tool for initial access and distribution of ransomware, including Accounts. The two Russian cybercriminal groups have carried out numerous attacks, mainly against companies and organizations located in Western countries.
According to US and UK authorities, Trickbot extorted over 180 million dollars worldwide, including £27 million in the UK alone, where schools and hospitals were also affected. Some members of the group are associated with Russian intelligence services and therefore carry out activities aligned with the Kremlin’s interests.
The 11 sanctioned members are: Andrey Zhuykov, Maksim Galochkin, Maksim Rudenskiy, Mikhail Tsarev, Dmitry Putilin, Maksim Khaliullin, Sergey Loguntsov, Vadym Valiakhmetov, Artem Kurov, Mikhail Chernov and Alexander Mozhaev. The group operated like a company, so there were administrators, developers and HR managers.
The sanctions prohibit US and UK organizations from paying ransoms. Members of the group cannot access their assets and travel, but these are symbolic sanctions, as they are protected from extradition.