Feb 9, 2023 - Technology

U.S., U.K. sanction Russian cybercrime gang Trickbot members


The Treasury Department on Thursday, in coordination with U.K. officials, sanctioned seven individual members of the notorious Russian hacking gang Trickbot, which has targeted U.S. hospitals and businesses in the last three years.

Why it matters: Sanctions are one of the few recourses Western officials have to hinder Russian hackers.

  • Sanctioned entities and people can't hold U.S. assets, and U.S. organizations can face legal consequences if they pay ransoms to sanctioned cybercrime groups.

The big picture: Trickbot has become one of the most notorious Russian ransomware gangs in recent years.

  • The Treasury Department says the gang was behind a wave of cyberattacks on U.S. hospitals during the height of the COVID-19 pandemic.
  • One such attack involved deploying ransomware on three Minnesota health care facilities in October 2020, disrupting the facilities' communications networks and forcing them to divert care to other facilities.
  • Trickbot members have also gloated in internal messages over how easy it is for them to attack and get a ransom payment from health care organizations, as Wired reported.

Catch up quick: U.S. Cyber Command attempted in 2020 to take down Trickbot's botnet, or a series of malware-infected devices that the hackers control.

  • But the operation only temporarily hindered the group. More than 140,000 victims were hit with a new Trickbot ransomware strain in the year after Cyber Command's operation, according to Check Point Research.

Between the lines: By sanctioning individual members of Trickbot, the Treasury Department is attempting to get ahead of an emerging trend among ransomware gangs to bypass sanctions: Rebranding their groups.

The intrigue: The Treasury Department said current members of Trickbot are "associated with Russian Intelligence Services" and the group's motivations are aligned with "Russian state objectives."

  • Those objectives included targeting the U.S. government and businesses.

Yes, but: Thursday's sanctions only hinder Trickbot's ability to target businesses inside the United States or United Kingdom — leaving plenty of other organizations around the world still vulnerable to attacks.
