Cyberwar is certainly real: FinTelegram reported that the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC), in collaboration with the UK, has imposed sanctions on eleven members of the Russia-based Trickbot cybercrime organization allegedly protected by Russia. In a parallel enforcement action, the U.S. Department of Justice (DOJ) has charged nine individuals linked to the Trickbot malware and Conti ransomware operations, seven of whom were sanctioned by OFAC.
The OFAC Cyberwar Sanctions
According to the OFAC, the Russian individuals sanctioned today are integral members of the Trickbot group, which has connections to Russian intelligence and has targeted the U.S. government, businesses, and healthcare facilities, especially during the COVID-19 crisis.
Those sanctioned include Trickbot’s administrators, managers, developers, and coders. This action emphasizes the U.S. and UK’s joint effort to curb Russian cybercrime and follows a previous joint designation in February 2023.
Trickbot: Russia’s Infamous Cyber Gang
Trickbot background: Trickbot, taken down in 2022, was malware designed to steal money and aid ransomware installation, impacting hospitals, schools, and businesses with massive financial losses. It acted as an initial intrusion vector into victim computer systems for ransomware variants like Conti, which targeted over 900 global victims, including in 47 U.S. states and 31 countries. In 2021, the FBI noted Conti as the leading ransomware attacking critical infrastructure.
In 2016, Trickbot evolved from the Dyre trojan, an online banking malware created by Moscow-based cybercriminals. It has affected millions globally, especially in the U.S. During the COVID-19 peak in 2020, Trickbot launched ransomware attacks on U.S. healthcare facilities, which are seen as part of the ongoing cyberwar. The group even boasted about their successful attacks. They have ties to Russian intelligence and have aligned their actions with Russian state goals.
OFAC has designated eleven Trickbot-related individuals based on Executive Orders for their significant support of malicious cyber activities. The names and details of the sanctioned individuals can be found on the OFAC website.
Implications of the Sanctions
The sanctions are part of the cyberwar between the US and Russia. Due to these sanctions, all assets of the sanctioned individuals within the U.S. or under U.S. control must be blocked and reported. Engaging in transactions with these individuals could lead to further sanctions. Foreign financial institutions aiding these individuals might face U.S. sanctions. The sanctions aim to induce positive behavioral change rather than mere punishment.