Several alleged Russian cybercriminals were indicted in a multi-million dollar ransomware scheme targeting hospitals, schools, and other businesses.
The Department of Justice and FBI made the announcement Thursday, stating that multiple people involved in the Trickbot malware and Conti ransomware schemes were indicted.
A press release states that Trickbot was a suite of malware tools made to steal money and facilitate the ransomware installation, while Conti was a ransomware variant that was used to attack over 900 victims worldwide, including victims in 47 states and 31 foreign countries. Organizations in Washington, D.C. and Puerto Rico were also affected.
A federal grand jury in the Northern District of Ohio returned indictments for Maksim Galochkin, Maksim Rudenskiy, Mikhail Mikhailovich Tsarev, Andrey Yuryevich Zhuykov, Dmitry Putilin, Sergey Loguntsov, Max Mikhaylov, Valentin Karyagin, Maksim Khaliullin, and charged them with conspiring to use the malware to steal money and personal information from victims, including businesses and financial institutions.
QAKBOT MALWARE NETWORK IS DISMANTLED IN MAJOR CRACKDOWN
A federal grand jury in the Middle District of Tennessee also indicted Galochkin, Rudenskiy, Tsarev, and Zhuykov with conspiring to use the Conti ransomware to conduct attacks on businesses, nonprofits, and governments in the U.S. beginning in 2020 and continuing through June 2022.
Galochkin was also charged in connection with a Conti ransomware attack on Scripps Health on May 1, 2021.
Trickbot was used by the defendants to infect victims' computers with malware in order to get online banking credentials and other personal information that could then be used to gain access to financial institutions, where money was stolen and laundered, officials say.
The Middle District of Tennessee indictment alleges that Galochkin, Rudenskiy, Tsarev, and Zhuykov conspired to use Conti to attack "hundreds of victims" including hospital systems, local governments, and foreign governments. In one case, prosecutors allege, the defendants extorted funds from people within the judicial district and encrypted computer systems of a sheriff's department, police department, emergency medical services, and more.
Ransom notes left on the Conti victims' computers typically stated "if you don’t [know Conti] – just ‘google it.’"
"The conspirators who developed and deployed Conti ransomware victimized businesses, governments, and non-profits around the world, including a sheriff’s office and an emergency medical service in Tennessee," said U.S. Attorney Henry C. Leventis for the Middle District of Tennessee. "We will continue to use the full power of this office to ensure that hackers can no longer hide behind their computer screens and to hold them accountable."
A senior FBI official told Fox News Digital that Trickbot has infected "millions of computers" worldwide, and is used as an "initial access broker and enables that to be sold and leased to other entities to engage in whatever activities they want to."
The FBI official said that Conti would attempt a "double extortion" on its victims, stating that before the files were encrypted "they would expel data out from the system and then publish it if people didn't pay to a leak site."
While Conti was in existence, the highest payment made was about $25 million, and in total, over $150 has been made before disbanding in May 2022.
The FBI official said that this action highlights the agency's efforts to combat cybercrime and going after the "ecosystem" that enables such activity.
Several individuals have already been indicted in the Trickbot malware scheme.
Vladimir Dunaev, a Russian national, was extradited from South Korea and indicted in 2021 for his alleged involvement in Trickbot.
CRIMINAL ENTERPRISE FLAUNTS AI IN CREEPY 'FRAUD-FOR-HIRE' COMMERCIAL MEANT FOR DARK WEB
Alla Witte is another individual indicted in the scheme, as she and other co-conspirators worked to infect victim's computers with the malware, which would capture personal information such as bank logins which were used to "execute unauthorized electronic funds transfers and launder the money through U.S. and foreign beneficiary accounts."
Developers and human resource professionals are among the individuals included in the indictments unsealed on Thursday.
Part of the FBI's strategy is to target these individuals and organizations by taking away some of the "key services" that they rely on, such as their ability to access online banking.
Victims of these alleged crimes include Ireland's health service, which the FBI official says was "targeted by Conti" and shut down for "quite some time."
FBI Director Christopher Wray said in a statement that the indictments send a message to cybercriminals.
"Today’s announcement shows our ongoing commitment to bringing the most heinous cyber criminals to justice—those who have devoted themselves to inflicting harm on the American public, our hospitals, schools, and businesses," Wray said. "Cyber criminals know that we will use every lawful tool at our disposal to identify them, tirelessly pursue them, and disrupt their criminal activity. We, alongside our federal and international partners, will continue to impose costs through joint operations no matter where these criminals may attempt to hide."
