US sanctions alleged Russian ransomware hackers known as Trickbot
The government says the group was known for targeting hospitals.
The U.S. is sanctioning what it says are seven members of a Russian hacker group who have targeted hospitals, companies and the U.S. government, the Treasury Department announced Thursday.
"Cyber criminals, particularly those based in Russia, seek to attack critical infrastructure, target U.S. businesses, and exploit the international financial system," Treasury Under Secretary Brian Nelson said in a statement. '
The group known as Trickbot was first identified in 2016 and its members have ties to Russian intelligence services, according to Treasury. Trickbot viruses have infected millions of computers and Trickbot ransomware – which locks down computer systems with demands of payment – was used against hospitals and healthcare centers at the height of the global pandemic in 2020.
"These criminals were key players in the explosive growth of the ransomware problem from a nuisance crime to a national security crisis," John Hultquist, head of Mandiant Intelligence at Google said in a statement. "While maintaining many of the trappings of an everyday business they showed an utter disregard for many of their victims, even targeting hospitals in the worst days of COVID."
Mandiant was among the first cybersecurity intelligence groups to identify Trickbot in 2016. Researchers have continued to track various forms of malicious software associated with the group. Some believe Trickbot malware may have served as a gateway for other ransomware attacks that collected hundreds of millions of dollars from victims.
In one known Trickbot attack, the U.S. says, the group deployed ransomware targeting three medical facilities in Minnesota. The attack disrupted computer networks, telephones and ambulance services, according to the Treasury Department.
"We do believe that actors affiliated with Trickbot are continuing to operate but these operations today use different malware," head of Mandiant Cybercrime Analysis Kimberly Goody told ABC News. "This is not uncommon as there are often ebbs and flows in the cyber crime ecosystem, including changing allegiances."
The sanctions essentially lock down the hackers' assets and property in the U.S. and block others from transacting with them. The U.K. also joined in sanctioning the accused hacker group.