DOJ Charges Trickbot, Conti Cybercriminals Known For Targeting Critical Infrastructure

The DOJ charged multiple Russian cybercriminals over their involvement in Trickbot malware and Conti ransomware operations, including the Conti attack on Scripps Health.

By Jill McKeon

The Department of Justice (DOJ) unsealed three indictments, revealing charges against multiple Russian cybercriminals involved in Trickbot and Conti malware and ransomware schemes. Trickbot and Conti actors have been known to target critical infrastructure, including hospitals and schools.

A federal grand jury in the Northern District of Ohio returned an indictment charging nine Russian nationals with conspiring to use Trickbot malware to steal money and confidential information from businesses beginning in November 2015.

In addition, a federal grand jury in the Southern District of California returned an indictment charging one threat actor in connection with the Conti ransomware attack on Scripps Health in May 2021. As previously reported, Scripps suffered a ransomware attack that resulted in EHR downtime and patient diversions.

In Tennessee, a federal grand jury returned an indictment charging threat actors with conspiring to attack businesses using Conti ransomware from 2020 through 2022.

“The Justice Department has taken action against individuals we allege developed and deployed a dangerous malware scheme used in cyberattacks on American school districts, local governments, and financial institutions,” said Attorney General Merrick B. Garland.

“Separately, we have also taken action against individuals we allege are behind one of the most prolific ransomware variants used in cyberattacks across the United States, including attacks on local police departments and emergency medical services. These actions should serve as a warning to cybercriminals who target America’s critical infrastructure that they cannot hide from the United States Department of Justice.”

Trickbot was dismantled in 2022, but was previously a notorious suite of malware tools used to extract ransoms out of its victims. Trickbot tools were used to support a variety of ransomware variants, including Conti, a group that attacked more than 900 victims worldwide.

In 2021, Conti ransomware was used to attack more critical infrastructure victims than any other ransomware variant, the DOJ noted in its press release.

“Today’s announcement shows our ongoing commitment to bringing the most heinous cyber criminals to justice – those who have devoted themselves to inflicting harm on the American public, our hospitals, schools, and businesses,” said FBI Director Christopher Wray. “Cyber criminals know that we will use every lawful tool at our disposal to identify them, tirelessly pursue them, and disrupt their criminal activity. We, alongside our federal and international partners, will continue to impose costs through joint operations no matter where these criminals may attempt to hide.”