By Raphael Satter and Suzanne Smalley
WASHINGTON (Reuters) – The United States and Britain have imposed sanctions against seven leading members of a notorious Russian hacking gang known as Trickbot, officials announced on Friday.
Trickbot’s malicious software at one point was counted among one of the internet’s most pernicious security threats, capable of stealing financial data, spreading across networks, and dropping ransom software.
The group behind it was seen as particularly ruthless. In its announcement outlining the move, the U.S. Treasury noted that, “during the height of the COVID-19 pandemic in 2020, Trickbot targeted hospitals and healthcare centers, launching a wave of ransomware attacks against hospitals across the United States.”
U.S. Secretary of State Antony Blinken said in a statement that the United States and Britain were “committed to using all available authorities to defend against cyber threats.” British officials hailed the first-of-its-kind deployment of sanctions against cybercriminals and said it was just the “first wave” in “new coordinated action” against such groups.
“This is a hugely significant moment for the UK and our collaborative efforts with the U.S. to disrupt international cyber criminals,” Britain’s National Crime Agency Director-General Graeme Biggar said in a statement.
Although Trickbot’s malicious software has not been deployed for a couple of years, the individuals behind it remain active and still appear to be working together, according to Allan Liska, a threat intelligence analyst with Recorded Future.
At one point cybersecurity experts say Trickbot’s operations appear to have been taken over by another ransomware gang, dubbed Conti. Both Trickbot and Conti were accused by U.S. and British authorities of having ties to the Russian intelligence services.
The Russian Embassies in Washington and London did not immediately return a message seeking comment. Reuters could not immediately locate contact details for the alleged hackers.
Sanctions tend to be largely symbolic given that Russia is already heavily sanctioned and cybercriminals based there tend to steer clear of the United States or Britain.
But Liksa said the move still made it harder for hackers to launder their money.
He said that U.S. officials had been lobbying to get other countries to impose sanctions on cybercriminals.
“The fact that we’ve got the UK doing this with us is a sign that other countries are seeing this as a viable option for punishing the bad guys,” he said.
(Reporting by Raphael Satter, Suzanne Smalley, and Susan Heavey in Washington and James Pearson in London; Editing by Toby Chopra)