UK, US impose sanctions on cybercriminals linked to Russian TrickBot gang
The United Kingdom and the United States have jointly imposed sanctions on 11 individuals believed to be connected to the infamous TrickBot cybercrime gang based in Russia.
This move came in response to ongoing cyberattacks on US government entities and businesses, including hospitals. The US Treasury Department expressed concerns about Russia being a safe haven for cybercriminals like TrickBot and their ties to Russian intelligence services.
The sanctions target various individuals within the gang, including administrators, managers, developers, and coders who have played key roles in TrickBot’s activities.
Last month, threat intelligence firm Nisos provided evidence and shed light on some individuals’ identities. The UK government highlighted that these individuals, all Russian nationals, operated in the shadows, using online aliases and pseudonyms.
“Removing their anonymity undermines the integrity of these individuals and their criminal businesses that threaten UK security,” the UK government said.
This action marks the second time in seven months that the UK and US have imposed sanctions on Russian individuals linked to TrickBot, Ryuk, and Conti cybercrime groups. At the same time, nine defendants face indictments related to TrickBot malware and Conti ransomware schemes, including seven of the newly sanctioned individuals.
TrickBot, which evolved from the Dyre banking trojan in 2016, became a versatile malware suite capable of deploying ransomware and other malicious payloads. The cybercrime group, which survived a takedown attempt in 2020, merged with the Conti ransomware cartel in early 2022, adopting a more organised structure.
The disbandment of Conti in May 2022, driven by leaks that exposed the group’s activities, marked a turning point. These leaks, known as ContiLeaks and TrickLeaks, provided new insight into the cybercriminals’ operations, revealing internal chats and infrastructure details.
The leaks include approximately 250,000 messages, over 2,500 IP addresses, around 500 potential cryptocurrency wallet addresses, and thousands of domains and email addresses.
The UK National Crime Agency estimated that the group extorted at least $180 million (£144 million) globally and at least £27 million from 149 victims in the UK.
Calls for improved cybersecurity
Despite concerted efforts through sanctions and indictments, Russian cybercrime groups persist, often operating under different names to evade bans and employing shared tactics to infiltrate their targets.
The latest 2023 cybercrime statistics showed that the cost of cyberattacks has surged over the past year, with cybercrime costing the UK £2.4 billion in 2021.
It’s not only businesses that face an increased risk of cyberattacks. High-net-worth individuals, in particular, are now prime targets due to their public status, with hackers capitalising on public records to gain insights into their wealth and property ownership.
According to a Campden Research study, over a quarter of ultra-high-net-worth (UHNW) families, family offices, and family businesses, with an average wealth of $1.1 billion (£878 million), have fallen victim to cyberattacks.
“Cybercriminals often see HNWIs and family offices as attractive targets as they have substantial assets but generally don’t have the same level of protection in place as a major corporation,” said Effie Datson, global head of family office at Barclays Private Bank.
Cybercriminals seek to take advantage of human or security weaknesses to acquire passwords, data, or financial resources. As reported by the National Crime Agency, the most common cyber threats include hacking, phishing, and malicious software.
To combat this growing threat, security agencies like Marengo are enhancing cybersecurity efforts. They offer services such as cybersecurity training, asset tracking, and anti-fraud measures to strengthen defences against cybercrimes.
Sources:
https://thehackernews.com/2023/09/uk-and-us-sanction-11-russia-based.html
https://www.nationalcrimeagency.gov.uk/what-we-do/crime-threats/cyber-crime
https://privatebank.barclays.com/news-and-insights/2021/may/hnw-cyber-threat/
https://www.marshcommercial.co.uk/articles/cyber-security-protection-for-high-net-worth