Russian TrickBot mastermind sentenced to 5 years in prison for computer crimes

January 26, 2024 | Pressroom | Cybercrime / Malware


Vladimir Dunaev, a 40-year-old Russian citizen, was sentenced to five years and four months in prison for his role in creating and distributing the TrickBot malware, the US Department of Justice (DoJ) said.

The development comes nearly two months after Dunaev pleaded guilty to committing computer fraud, identity theft and conspiracy to commit wire fraud and bank fraud.

“Hospitals, schools and businesses are among the millions of TrickBot victims who have suffered tens of millions of dollars in losses,” the DoJ said. “While active, the Trickbot malware, which served as the initial intrusion vector into victims’ computer systems, was used to support various ransomware variants.”

Born as a banking Trojan in 2016, TrickBot has evolved into a Swiss Army Knife capable of delivering additional payloads, including ransomware. Following efforts to take down the botnet, it was absorbed into the Conti ransomware operation in 2022.


The cybercriminal gang’s allegiance to Russia during the Russo-Ukrainian war led to a series of leaks dubbed ContiLeaks and TrickLeaks, which precipitated its shutdown in mid-2022 and its fragmentation into numerous other ransomware, malware and data extortion groups.

Dunaev is said to have provided specialized services and technical capabilities to promote the TrickBot scheme between June 2016 and June 2021, using it to deliver ransomware against hospitals, schools and businesses.

Specifically, the defendant developed browser modifications and malicious tools that made it possible to harvest credentials and sensitive data from compromised machines as well as enable remote access. He also created programs to prevent the TrickBot malware from being detected by legitimate security software.

Another TrickBot developer, a Latvian citizen named Alla Witte, was sentenced to two years and eight months in prison in June 2023.

News of Dunaev’s conviction comes just days after the governments of Australia, the United Kingdom and the United States imposed financial sanctions on Alexander Ermakov, a Russian citizen and affiliate of the REvil ransomware gang, for orchestrating the 2022 attack against the health insurance company Medibank.

Cybersecurity firm Intel 471 said Ermakov used various online aliases such as blade_runner, GustaveDore, JimJones, aiiis_ermak, GistaveDore, gustavedore, GustaveDore, Gustave7Dore, ProgerCC, SHTAZI and shtaziIT.


As JimJones, he was also observed attempting to recruit unethical penetration testers who would provide login credentials for vulnerable organizations for subsequent ransomware attacks in exchange for $500 per login and a 5% cut of the ransom proceeds.

“These identifiers are linked to a wide range of cyber criminal activity, including network intrusions, malware development, and ransomware attacks,” the company said, offering insights into his history of cyber crime.

“Ermakov had a strong presence in cybercriminal forums and an active role in the cybercrime-as-a-service economy, both as a buyer and supplier, but also as an operator and affiliate of ransomware. It also appears that Ermakov was involved in the development of a software company specializing in the development of both legitimate and criminal software.”
