On September 7, 2023, as part of a coordinated effort, the UK and US designated 11 members of the Russia-based Trickbot cybercrime group, a cyber-gang allegedly responsible for the Trickbot/Conti ransomware attacks that targeted hospitals and other critical infrastructure in the UK and US during the COVID-19 pandemic. The Trickbot group, allegedly one of the first groups to offer support for Russia’s invasion of Ukraine, has also threatened those who oppose the illegal invasion. According to the National Crime Agency, the group is responsible for extorting approximately $180 million from victims around the world, including £27 million from 149 UK victims. This action is a continuation of joint efforts taken by the UK and US to counter the threat of ransomware at home and abroad by exposing the identities of cybercriminals who usually hide behind online pseudonyms and monikers in order to harm and extort funds from their victims with impunity.
The designees, who reportedly have ties to Russian intelligence services, include administrators, managers, developers, coders and recruiters who have materially supported Trickbot operations. They were sanctioned by the UK under the Cyber (Sanctions) (EU Exit) Regulations 2020, which subjects the designees to asset freezes and travel bans in the UK, while the US imposed sanctions pursuant to Executive Order 13694, as amended by EO 13757, for their support of or involvement in significant malicious cyber-enabled activities. As a result of the US designation, all designees’ property and interests in property within the United States or within the possession or control of a US person are blocked, and US persons are generally prohibited from engaging in transactions involving the designated person. In addition, entities owned 50 percent or more by one or more blocked persons are also blocked.
The designations were timed to coincide with the unsealing of indictments against 7 of the newly-designated individuals by US Department of Justice. The DOJ unsealed indictments in California, Ohio and Tennessee against multiple Russian defendants for their alleged involvement in the Trickbot malware and Conti ransomware schemes.
US Department of Treasury Press Release | US Department of Justice Press Release | UK Government Press Release | OFSI Financial Sanctions Notice – Cyber