The United States and the United Kingdom issued sanctions and indictments against 11 people who they allege are an integral part of Trickbot cybercrime group and are currently hiding out and operating in Russia.
Many of the current ransomware attacks originate from that part of the world. Even if other countries have no jurisdiction in those areas, sanctions can still be levied against individuals, in this case, the ones considered responsible for managing Trickbot.
“Today’s targets include key actors involved in management and procurement for the Trickbot group, which has ties to Russian intelligence services and has targeted the U.S. Government and U.S. companies, including hospitals,” said the US Department of Justice in a press release. “During the COVID-19 pandemic, the Trickbot group targeted many critical infrastructure and health care providers in the United States.”
“The targets designated today include administrators, managers, developers, and coders who have materially assisted the Trickbot group in its operations,” the authorities explained. “This designation is part of continued collaborative efforts by the U.S. and the UK to disrupt Russian cybercrime and ransomware, and follows the first joint U.S.-UK cyber designation of several Trickbot group members in February 2023, the first designation under the UK’s new cyber authority.’
While indictments might not mean much for people hiding out in Russia, sanctions might have a much more direct effect. For one, all property and interests of the individuals in the United States will be blocked. Moreover, any person who engages with the people sanctioned by the US government could also be sanctioned.
The same goes for foreign financial institutions that engage with people affected by sanctions. The effects will not be immediate, but they could slow down the use of these types of malware, target, combat, and counter ransomware actors, and address Russian cybercrime.