Former members of the cybercriminal groups Trickbot and Conti have been identified by UK law enforcement. They are the source of one of the most dangerous pieces of malware of recent years.

The United Kingdom has decided to strike at the wallets of cybercriminals. British law enforcement, accompanied by American investigators, announced on February 9 that it was freezing the bank accounts of seven members of notorious ransomware gangs. All Russian nationals, they participated in the preparation of attacks, the development and management of malware, information theft and money laundering.

In concrete terms, they are the ones who run the ransomware machine, while the hackers are more like its armed wing. These veritable criminal enterprises develop and supply the software used to attack and lock the data of the victim company or public administration. They then earn a commission on the ransoms.

The British police wanted to publicly display the names and faces of the criminals, as a signal to the hacker world that they are able to uncover their identities. All were members of the group behind Trickbot, an identity-theft Trojan active between 2016 and 2020. Building on their success, the accomplices merged with the Conti ransomware collective, becoming the most prolific group in 2021.

The list consists of Vitaly Kovalev, Maksim Mikhailov, Valentin Karyagin, Mikhail Iskritskiy, Dmitry Pleshevskiy, Ivan Vakhromeyev, and Valery Sadletskiy.

Dmitry Pleshevskiy specializes in writing malicious code to steal credentials. // Source: National Crime Agency

Thousands of victims in 2021

Conti was the most feared ransomware until 2022. Hackers extorted more than 167 million euros in 2021 from companies and public administrations affected by this malicious software. Ireland’s public health service was paralyzed in the days after an attack, which halted blood tests, X-rays, scans, radiotherapy and chemotherapy appointments.

Russia's invasion of Ukraine put an abrupt end to their criminal adventure. Several members had come out in favor of the Kremlin’s imperialist ambitions, without imagining that a Ukrainian associate of the group would completely ruin the whole enterprise in retaliation. This associate immediately published statements, 60,000 internal messages and the source code of the malware, giving all cybersecurity companies the means to adapt their protection software.

The disclosure of these exchanges likely offered clues to British police. London being a favorite destination for the Russian criminal underworld, it would not be surprising if the hackers in question owned real estate or had opened accounts in the United Kingdom. The dissolution of the group did not prevent certain members from continuing their activity, in particular for hacktivist groups linked to the Kremlin. Their holidays in Europe, on the other hand, are compromised.
