Skip to content Skip to sidebar Skip to footer

US and UK Authorities Sanction Members of Trickbot Ransomware Group

The US and UK jointly impose sanctions on 11 members of the Trickbot ransomware group, targeting their cryptocurrency-linked activities amid rising ransomware attacks and global efforts to combat cybercrime.

Key Points

  • US and UK impose sanctions on 11 members of the Russia-based ransomware group Trickbot.
  • Sanctioned individuals include Maksim Galochkin, Maksim Rudenskiy, and Mikhail Tsarev.
  • Trickbot linked to cryptocurrency extortions worth around $833 million, amidst rising ransomware attacks.
  • Collaboration between the US and UK autchorities aims to combat cybercrime challenges posed by groups like Trickbot, known for ties to Russian intelligence services and compromising critical infrastructure.

The US Office of Foreign Assets Control (OFAC) and the UK HM Treasury Office of Financial Sanctions Implementation (OFSI) have jointly imposed sanctions on eleven members of the Russia-based ransomware group Trickbot.

This action follows an earlier round of sanctions imposed on seven members of the same group earlier this year.

Sanctioned Individuals

The individuals sanctioned by OFSI and OFAC include Maksim Galochkin, known as “Bentley,” Maksim Rudenskiy, also referred to as “Buza,” “Silver,” or “Binman,” and Mikhail Tsarev, or “Mango.”

Ransomware attacks have been increasing, with data from Chainalysis showing that cybercriminals extorted at least $449.1 million between January and June this year.

Trickbot, in particular, has been linked to various ransomware strains that have resulted in cryptocurrency extortions worth approximately $833 million.

Comments from Rob Jones

Rob Jones, Director General of Operations at the National Crime Agency, commented on the sanctions, stating that they are a continuation of the campaign against international cyber criminals.

He emphasized the challenges and opportunities presented by cryptocurrencies in the fight against cybercrime.

Trickbot Group, which was first identified in 2016, has become one of the leading cybercrime organizations in terms of crypto earnings.

It is second only to North Korea’s Lazarus Group. Recently, the FBI detected blockchain activities related to significant cryptocurrency thefts by North Korea’s TraderTraitor group, Lazarus Group, and APT38. North Korea may potentially liquidate over $40 million worth of bitcoin.

Ties to Russian Intelligence Services

Trickbot Group has well-documented ties to Russian intelligence services and collaborates with other cybercrime entities. Their ransomware strains have compromised millions of devices globally, including critical infrastructure such as hospitals.

The OFSI and OFAC have sanctioned the following individuals: Andrey Zhuykov, Maksim Galochkin, Maksim Rudenskiy, Mikhail Tsarev, Dmitry Putilin, Maksim Khaliullin, Sergey Loguntsov, Alexander Mozhaev, Vadym Valiakhmetov, Artem Kurov, and Mikhail Chernov.

Chainalysis has played a crucial role in identifying cryptocurrency wallets linked to these sanctioned individuals. This has aided in the broader effort to disrupt the operations of cybercrime groups like Trickbot.

The collaborative efforts between the US and UK authorities highlight the global commitment to combat the challenges posed by cybercrime in an era dominated by blockchain technology.