The US Justice Department has announced indictments against nine individuals suspected of being part of a notorious cybercriminal network with alleged ties to Russian intelligence.
This group is infamous for its involvement in ransomware attacks that targeted US hospitals, leading to over $100 million in ransom payments.
US Indicts Nine Linked to Hospital Ransomware Attacks
This announcement marks the culmination of a multi-year FBI investigation into a ransomware gang that professed allegiance to Russia during its assault on Ukraine in the previous year.
The group’s activities have extended beyond hospital attacks, with allegations of discussions about hacking a journalist investigating the poisoning of Kremlin critic Alexey Navalny.
As per charging documents, the nine indicted individuals, comprising eight Russians and one Ukrainian, remain at large.
US officials are now banking on a multimillion-dollar rewards program the State Department runs to encourage tips about their whereabouts should they leave Russia.
A senior FBI official emphasized the program’s value: “The offer has been proven to be highly valuable to us and our operations against cybercriminals.”
The Treasury Department has also imposed sanctions on these individuals, effectively cutting off their access to US dollars.
This latest move is part of an aggressive campaign by the US and its allies over the past two years to disrupt ransomware gangs operating from Russia and Eastern Europe.
These groups have disrupted critical institutions such as schools and healthcare providers.
Lacking cooperation from the Russian government in apprehending alleged cybercriminals, the US Justice Department has resorted to publicly exposing the hackers’ tactics, seizing their computer infrastructure hosted by Western tech firms, and hoping for the hackers to travel to a country willing to extradite them to the US.
Despite the challenges of apprehending these individuals, the US has successfully detained several accused Russian hackers, including one recently sentenced to nine years in prison for his role in a $93 million securities trading scheme.
US officials have even considered these detained hackers as potential candidates in prisoner swap negotiations for Americans held in Russia.
The nine individuals indicted in this case allegedly used two hacking tools associated with Russian-speaking cybercriminals.
Read more: 17 Arrested And 7 Eastern Kern Marijuana Shops Shut Down By Local Agencies
TrickBot and Conti: Overlapping Ransomware Threats Amass $180 Million
One of them, TrickBot, was used for initial hacking, while the other, Conti, was used to encrypt victims’ computers and demand substantial ransoms. It’s worth noting that TrickBot and Conti have been known to have overlapping affiliations, sometimes being referred to as a single gang by US officials.
The Conti ransomware, employed in numerous attacks worldwide, including nearly 300 in the US, has raked in $180 million in ransom payments, according to UK officials who also announced sanctions against some of the suspected cyber criminals.
Conti gained international attention when it declared its “full support” for the Russian government during its attacks on Ukraine in February 2022. In response, a Ukrainian cybersecurity researcher leaked thousands of internal documents related to the group, potentially revealing ties to the Russian government.
The FBI’s interaction with this researcher remains undisclosed.
Although the Conti code hasn’t been used in recent ransomware attacks, the group’s activities haven’t ceased.
A senior FBI official noted, “Conti went away, but the actors didn’t necessarily.”
Regarding the current status of the nine newly indicted individuals and the FBI’s efforts to track them, the FBI official declined to provide specifics, stating, “This is ongoing. We’re not done with it yet.”
Read more: New York State Authorities Consider Large-Scale License Revocation
