WASHINGTON, D.C. — Three indictments across different federal jurisdictions have been unsealed, revealing charges against several Russian cybercriminals implicated in the Trickbot malware and Conti ransomware schemes.
The Trickbot malware, taken down in 2022, was a suite of malicious software tools designed to steal money and facilitate the installation of ransomware. Its victims, who numbered in the millions and included hospitals, schools, and businesses, suffered losses amounting to tens of millions of dollars. Trickbot also served as an initial intrusion vector into victim computer systems, supporting various ransomware variants, including Conti.
Conti, a ransomware variant, was used to attack more than 900 victims worldwide, including victims in approximately 47 states, the District of Columbia, Puerto Rico, and approximately 31 foreign countries. The FBI reported that in 2021, Conti ransomware was used to attack more critical infrastructure victims than any other ransomware variant.
“The Justice Department has taken action against individuals we allege developed and deployed a dangerous malware scheme used in cyberattacks on American school districts, local governments, and financial institutions,” Attorney General Merrick B. Garland said. “These actions should serve as a warning to cybercriminals who target America’s critical infrastructure that they cannot hide from the United States Department of Justice.”
FBI Director Christopher Wray emphasized the agency’s commitment to bringing cybercriminals to justice. “Cyber criminals know that we will use every lawful tool at our disposal to identify them, tirelessly pursue them, and disrupt their criminal activity,” Wray said.
Acting Assistant Attorney General Nicole M. Argentieri of the Justice Department’s Criminal Division also warned cybercriminals of the consequences of their actions, stating that the department will identify and pursue them regardless of their location.
Special Agent in Charge William Mancino of the U.S. Secret Service’s Criminal Investigative Division highlighted the damage caused by Conti ransomware, stating that the Secret Service will continue to work with law enforcement partners to investigate cybercriminals and bring offenders to justice.
The indictments include charges against Maksim Galochkin, aka Bentley; Maksim Rudenskiy, aka Buza; Mikhail Mikhailovich Tsarev, aka Mango; Andrey Yuryevich Zhuykov, aka Defender; Dmitry Putilin, aka Grad and Staff; Sergey.