U.S., U.K. sanction Russian cybercrime gang Trickbot members

The Treasury Department on Thursday, in coordination with U.K. officials, sanctioned seven individual members of the notorious Russian hacking gang Trickbot, which has targeted U.S. hospitals and businesses in the last three years.
Why it matters: Sanctions are one of the few recourses Western officials have to hinder Russian hackers.
- Sanctioned entities and people can't hold U.S. assets, and U.S. organizations can face legal consequences if they pay ransoms to sanctioned cybercrime groups.
The big picture: Trickbot has become one of the most notorious Russian ransomware gangs in recent years.
- The Treasury Department says the gang was behind a wave of cyberattacks on U.S. hospitals during the height of the COVID-19 pandemic.
- One such attack involved deploying ransomware on three Minnesota health care facilities in October 2020, disrupting the facilities' communications networks and forcing them to divert care to other facilities.
- Trickbot members have also gloated in internal messages over how easy it is for them to attack and get a ransom payment from health care organizations, as Wired reported.
Catch up quick: U.S. Cyber Command attempted in 2020 to take down Trickbot's botnet, or a series of malware-infected devices that the hackers control.
- But the operation only temporarily hindered the group. More than 140,000 victims were hit with a new Trickbot ransomware strain in the year after Cyber Command's operation, according to Check Point Research.
Between the lines: By sanctioning individual members of Trickbot, the Treasury Department is attempting to get ahead of an emerging trend among ransomware gangs to bypass sanctions: Rebranding their groups.
- When Treasury sanctioned the Evil Corp. cybercrime gang in late 2019, the gang quickly stopped using its most well-known ransomware strain and started using new ransomware strains under a different name to confuse victims.
- Sanctioning and identifying individual members makes it more challenging for gangs to rebrand and evade sanctions.
The intrigue: The Treasury Department said current members of Trickbot are "associated with Russian Intelligence Services" and the group's motivations are aligned with "Russian state objectives."
- Those objectives included targeting the U.S. government and businesses.
Yes, but: Thursday's sanctions only hinder Trickbot's ability to target businesses inside the United States or United Kingdom — leaving plenty of other organizations around the world still vulnerable to attacks.
