Russian nationals indicted over Trickbot malware, Conti ransomware schemes

Charges against Russian nationals in three federal jurisdictions were unsealed last week, revealing indictments for cybercrimes committed through Trickbot malware and Conti ransomware in recent years.

“The Justice Department has taken action against individuals we allege developed and deployed a dangerous malware scheme used in cyberattacks on American school districts, local governments, and financial institutions,” Attorney General Merrick Garland said. “Separately, we have also taken action against individuals we allege are behind one of the most prolific ransomware variants used in cyberattacks across the United States, including attacks on local police departments and emergency medical services. These actions should serve as a warning to cybercriminals who target America’s critical infrastructure that they cannot hide from the United States Department of Justice.”

Indictments were returned by federal grand juries against Maksim Galochkin, Maksim Rudenskiy, Mikhail Mikhailovich Tsarev, Andrey Yuryevich Zhuykov, Dmitry Putilin, Sergey Loguntsov, Max Mikhaylov, Valentin Karyagin and Maksim Khaliullin. Each was charged with conspiring to use Trickbot to steal money and personal/confidential information from unsuspecting victims since 2015. Galochkin, Rudenskiy, Tsarev, and Zhuykov were also charged with using Conti ransomware to attack businesses, nonprofits and governments between 2020 and June 2022.

Trickbot was a series of malware tools meant to install ransomware and help steal money. Though it was taken down in 2022, during its time the software hit hospitals, schools and businesses alike and helped pilfer millions of funds. Conti was a ransomware variant, sometimes supported by Trickbot, known to have been used in attacks on more than 900 victims worldwide.

“The defendants charged in these three indictments across three different jurisdictions allegedly used their cyber knowledge and capabilities to victimize people and businesses around the world without regard for the damage they caused,” Acting Assistant Attorney General Nicole Argentieri of the Justice Department’s Criminal Division said. “These indictments should serve as a reminder that no matter a cybercriminal’s location, we will identify and pursue them by doing everything in our power to ensure they face the consequences of their actions.”

Charges were filed through the Northern District of Ohio, the Middle District of Tennessee and the Southern District of California. In Ohio, each defendant was charged with a single count of conspiracy to violate the Computer Fraud and Abuse Act, one count of wire fraud conspiracy, and one count of conspiracy to launder the proceeds of the scheme, with maximum penalties of 62 years in prison. In Tennessee, the four defendants were each charged with one count of conspiracy to violate the Computer Fraud and Abuse Act and one count wire fraud conspiracy, with a maximum penalty of 25 years in prison.

Galochkin was the odd man out, so to speak, by being the only accused also to be charged in the California case. There, he was charged with three counts of computer hacking, with a maximum penalty of 20 years in prison for transmitting the Conti malware and impairing the medical examination, diagnosis, treatment and care of one or more individuals.