US and UK sanction Russian cybercrime group targeting hospitals, providers

Editor's Note

The United States, in coordination with the United Kingdom, has imposed sanctions on 11 individuals linked to the Russia-based cybercrime group known as Trickbot, a US Department of the Treasury September 7 press release reports. These sanctions were issued by the US Department of the Treasury's Office of Foreign Assets Control, while the US Department of Justice simultaneously unveiled indictments against nine individuals associated with Trickbot and Conti ransomware schemes.

This action targets key figures involved in the management and procurement of Trickbot, which has ties to Russian intelligence services and has been responsible for cyberattacks on US government entities, companies, and healthcare providers, particularly during the COVID-19 pandemic. The sanctioned parties include administrators, managers, developers, and coders who have materially supported Trickbot's operations. This move is part of ongoing collaborative efforts between the US and the UK to disrupt Russian cybercriminal activities, following the joint designation of several Trickbot group members in February 2023.

Trickbot, initially identified in 2016, started as a trojan virus and evolved into a highly adaptable malware suite. It has been responsible for infecting millions of computers worldwide. “According to the agencies, the Trickbot group in 2020 launched a wave of ransomware disruptions against US hospitals and healthcare facilities, in one case deploying ransomware that disrupted computer networks and telephones at three Minnesota facilities and caused them to divert ambulances,” the American Hospital Association reported.