9 Russians charged with cyberattacks targeting US companies
The men allegedly infected victims' computers with Trickbot malware.
The Justice Department earlier this week charged nine Russian nationals who they say used Russian-based malware in cyberattacks to steal money from U.S. companies, governments and school districts.
Mikhail Tsarev, Andrey Zhuykov, Maksim Galochkin, Dimitry Putlin, Sergey Loguntsov, Max Mikhaylov, Makism Rudensky, Valentin Karyagin, and Maskim Khaliullin allegedly used malware tools, Trickbot and Conti, to infiltrate Americans' devices, according to the DOJ.
The defendants are behind "one of the most prolific ransomware variants used in cyberattacks across the United States, including attacks on local police departments and emergency medical services," Attorney General Merrick Garland said in a statement released by the Justice Department.
The nine men allegedly infected victims' computers with Trickbot malware designed to capture victims' personal data such as banking credentials as well as passwords and personal identification for things like credit cards and emails, according to one indictment unsealed in the Northern District of Ohio. The hackers then infected other computers and used the login credentials to steal funds from victims' bank accounts, and then installed ransomware on the victim computers, the indictment said.
Ransomware is a type of malware that threatens to publish a victim's personal data or block access if a ransom is not paid off.
According to the indictment, the defendants sent phishing emails to companies with an embedded malicious link or attachment in the email. When an unsuspecting person would click on it, it would infect their network.
The men would then ask for money in order to unlock the system, according to the documents. The men maintained the software -- which the FBI took offline last year -- beginning in 2015, the DOJ said.
The defendants wired money from a company's account using stolen banking information that they obtained by deploying the malware, according to the court documents.
“Today’s announcement shows our ongoing commitment to bringing the most heinous cybercriminals to justice – those who have devoted themselves to inflicting harm on the American public, our hospitals, schools, and businesses,” said FBI Director Christopher Wray in the DOJ statement.
“Cybercriminals know that we will use every lawful tool at our disposal to identify them, tirelessly pursue them, and disrupt their criminal activity. We, alongside our federal and international partners, will continue to impose costs through joint operations no matter where these criminals may attempt to hide,” Wray added.
Garland said in a statement that the indictments brought against the men show "that they cannot hide from the United States Department of Justice.”
Several of the defendants face indictments for cybercrimes in Tennessee and California as well as Ohio.
The Southern District of California indictment alleges Galochkin, one of the masterminds of the plot, hacked Scripps Healthcare network using the Conti malware, an offshoot of the Trickbot malware. Through the Scripps Healthcare hack, they damaged the computers of more then 900 people, the indictment said. The hackers stole 150,000 patients' data as well, Scripps Healthcare reported.
The Scripps Healthcare hack delayed getting patient information and checkups, according to court documents.
A federal grand jury in the Middle District of Tennessee returned an indictment charging Galochkin, Rudenskiy, Tsarev and Zhuykov with conspiring to use that same Conti ransomware to attack businesses, nonprofits and governments in the U.S. for two years, starting in 2020.
All of the men are believed to be in Russia, according to the Justice Department and do not have U.S. lawyers.
Javed Ali, the former senior director for counterterrorism at the National Security Council told ABC News it is unlikely the men will ever be brought to justice, but their ability to travel outside of Russia is now severely hampered.
"The recent indictments by the Department of Justice of nine individuals affiliated with the Russian-based hacking group Trickbot underscores how the United States continues to use law enforcement investigations and criminal prosecutions as a policy tool to apply pressure and hold criminals accountable for cyberattacks involving ransomware and other methods," Ali, now an associate professor at the Ford School of Public Policy at the University of Michigan, said.
"The United States has similarly issued indictments against other East European cybercriminals over the past few years, which has also included the extradition of some of those individuals to actually face criminal trials here."