US and UK announce sanction against TrickBot and Conti ransomware members

On Thursday 9th of February 2023, the United States and the United Kingdom sanctioned seven individuals for their involvement in the TrickBot malware operation. This sanction is the first of its kind for the UK to disrupt Russian cybercrime and ransomware.

As a result of these sanctions, all property and funds in the United States and the United Kingdom belonging to the following individuals have been blocked:

• Vitaly Kovalev – A senior figure within the Trickbot Group. And has also been charged with conspiracy to commit bank fraud and eight counts of bank fraud in connection with a series of intrusions into victim bank accounts held at various U.S.-based financial institutions that occurred in 2009 and 2010, predating his involvement in the Trickbot Group.
• Maksim Mikhailov– Involved in the development for the Trickbot Group.
• Valentin Karyagin – Involved in the development of ransomware and other malware projects.
• Mikhail Iskritskiy– Involved in money-laundering and fraud projects for the Trickbot Group.
• Dmitry Pleshevskiy– Involved in injecting malicious code into websites to steal victims’ credentials.
• Ivan Vakhromeyev – Worked as a manager for the Trickbot Group.
• Valery Sedletski– Worked as an administrator for the Trickbot Group, including managing servers.

Therefore, this sanction has blocked individuals and companies from performing transactions with the sanctioned individuals, including paying ransoms. Furthermore, this could cause issues for other ransomware operations as these individuals likely moved on to other ransomware operations after the Conti operation shut down. Therefore could hamper the payment of ransoms to other ransomware gangs known to have members previously affiliated with Conti. The possible ransomware gangs that might be impacted include BlackCat, Royal Group, AvosLocker, Karakurt, LockBit, Silent Ransom, and DagonLocker.