Cybersecurity

US, UK sanction Russia-based cybercrime gang

FILE - The Department of the Treasury's seal outside the Treasury Department building in Washington on May 4, 2021. The national debt is at the core of a dispute about how to raise the government's legal borrowing authority, which could come to a head this summer if the government runs out of accounting maneuvers to keep paying its bills. (AP Photo/Patrick Semansky, File)

The Treasury Department and the United Kingdom on Thursday announced joint sanctions against seven individuals tied to a Russia-based cybercrime gang known as Trickbot.

First identified in 2016, Trickbot reportedly targeted hospitals and health care centers with ransomware attacks at the height of the COVID-19 pandemic in 2020.

The Treasury Department noted an incident where the group launched ransomware against three Minnesota medical facilities, which disrupted “their computer networks and telephones, causing a diversion of ambulances.”

“Cyber criminals, particularly those based in Russia, seek to attack critical infrastructure, target U.S. businesses, and exploit the international financial system,” said Treasury Under Secretary Brian E. Nelson in a statement. 

The agency also said that the group is associated with the Russian Intelligence Services.

The sanctions against the group block its access to all property and interests in property held by the designated individuals in the U.S. or in possession of U.S. citizens,

The State Department also released a statement on the matter calling Russia “a safe haven for cybercriminals, where groups such as Trickbot freely perpetrate malicious cyber activities against the United States, the United Kingdom, and our allies and partners.”

“These activities have targeted critical infrastructure, including hospitals and medical facilities,” the statement said. 

The Treasury Department’s sanctions are the latest action taken by the U.S. government to combat cybercrime. 

In late January, the Department of Justice said it disrupted an international ransomware group responsible for extorting more than $100 million in payments from organizations, including hospitals and schools, based in the U.S. and around the world. 

The ransomware group, known as Hive, has targeted more than 1,500 victims around the world since its operation began in June 2021, the Justice Department said.