Support The Moscow Times!

U.S. Indicts 9 Russians Behind 'Trickbot' Malware

Anete Lusina / pexels

The United States announced indictments Thursday of nine Russians allegedly part of the Trickbot cybercrime group which plied ransomware schemes to extort businesses including hospitals during the Covid-19 pandemic.

The nine, some of whom were alleged to have links to Russian intelligence services, were named in a series of indictments across multiple U.S. states where several of their extortion targets were located.

In parallel, the U.S. Treasury and the State Department, along with British authorities, placed the nine indicted hackers and two others on their sanctions blacklists.

The indictments said the Trickbot group deployed malware and an associated ransomware program called Conti to attack hundreds of targets across nearly all of the United States and in more than 30 countries since 2016.

According to Britain's National Crime Agency, the operation reaped at least $180 million worldwide, including 27 million pounds ($33.7 million) from British targets.

The group particularly targeted hospitals and healthcare services during the 2020-2021 coronavirus pandemic.

They would invade a computer system and encrypt all the data, demanding hundreds of thousands or even millions of dollars in each case, paid in cryptocurrency, to free up the systems.

In one example, the group used ransomware against three Minnesota medical facilities, disrupting their computer networks and telephones, and causing a diversion of ambulances, U.S. officials said.

"Members of the Trickbot group publicly gloated over the ease of targeting the medical facilities and the speed with which ransoms had been paid to the group," according to a Treasury statement.

In July 2020, an attack hit a local government in a Tennessee town and used that to lock down local emergency medical services and the police department.

A May 2021 virtual incursion against a California hospital network, Scripps Health, locked up the computers of some 24 acute care and outpatient facilities.

Scripps later said the cyberattack cost it tens of millions of dollars, including lost revenue and the costs of a lawsuit charging it did not adequately protect patient records.

The nine included Andrey Zhuykov, identified as the senior administrator of the Trickbot operations, as well as coders, testers, a Trickbot "human resources manager," and a finance manager.

The nine faced multiple charges of conspiracy and fraud. All remain at large.

Sign up for our free weekly newsletter

Our weekly newsletter contains a hand-picked selection of news, features, analysis and more from The Moscow Times. You will receive it in your mailbox every Friday. Never miss the latest news from Russia. Preview
Subscribers agree to the Privacy Policy

A Message from The Moscow Times:

Dear readers,

We are facing unprecedented challenges. Russia's Prosecutor General's Office has designated The Moscow Times as an "undesirable" organization, criminalizing our work and putting our staff at risk of prosecution. This follows our earlier unjust labeling as a "foreign agent."

These actions are direct attempts to silence independent journalism in Russia. The authorities claim our work "discredits the decisions of the Russian leadership." We see things differently: we strive to provide accurate, unbiased reporting on Russia.

We, the journalists of The Moscow Times, refuse to be silenced. But to continue our work, we need your help.

Your support, no matter how small, makes a world of difference. If you can, please support us monthly starting from just $2. It's quick to set up, and every contribution makes a significant impact.

By supporting The Moscow Times, you're defending open, independent journalism in the face of repression. Thank you for standing with us.

Once
Monthly
Annual
Continue
paiment methods
Not ready to support today?
Remind me later.

Read more