The Treasury Department and the United Kingdom on Thursday announced joint sanctions against seven individuals tied to a Russia-based cybercrime gang known as Trickbot.
First identified in 2016, Trickbot reportedly targeted hospitals and health care centers with ransomware attacks at the height of the COVID-19 pandemic in 2020.
The Treasury Department noted an incident where the group launched ransomware against three Minnesota medical facilities, which disrupted “their computer networks and telephones, causing a diversion of ambulances.”
“Cyber criminals, particularly those based in Russia, seek to attack critical infrastructure, target U.S. businesses, and exploit the international financial system,” said Treasury Under Secretary Brian E. Nelson in a statement.
The agency also said that the group is associated with the Russian Intelligence Services.
The sanctions against the group block its access to all property and interests in property held by the designated individuals in the U.S. or in possession of U.S. citizens,
The State Department also released a statement on the matter calling Russia “a safe haven for cybercriminals, where groups such as Trickbot freely perpetrate malicious cyber activities against the United States, the United Kingdom, and our allies and partners.”
“These activities have targeted critical infrastructure, including hospitals and medical facilities,” the statement said.
The Treasury Department’s sanctions are the latest action taken by the U.S. government to combat cybercrime.
In late January, the Department of Justice said it disrupted an international ransomware group responsible for extorting more than $100 million in payments from organizations, including hospitals and schools, based in the U.S. and around the world.
The ransomware group, known as Hive, has targeted more than 1,500 victims around the world since its operation began in June 2021, the Justice Department said.