
Vladimir Dunayev, a 40-year-old Russian national, was sentenced to five years and four months in prison for his role in creating and distributing the TrickBot malware, the U.S. Department of Justice (DoJ) said.
The development comes nearly two months after Dunayev pleaded guilty to computer fraud and identity theft, as well as conspiracy to commit wire fraud and bank fraud.
“The millions of TrickBot victims include hospitals, schools, and businesses who suffered tens of millions of dollars in losses,” the U.S. Department of Justice said. “While active, Trickbot malware served as the initial intrusion vector into victims’ computer systems and was used to support various ransomware variants.”
TrickBot began as a banking Trojan in 2016 and has since evolved into a Swiss Army knife capable of delivering additional payloads, including ransomware. After efforts to take down the botnet, it was incorporated into the Conti ransomware operation in 2022.

The cybercriminal group’s allegiance to Russia during the Russo-Ukrainian war led to a series of leaks known as ContiLeaks and TrickLeaks, which led to its shutdown in mid-2022 and its split into many other ransomware and data extortion groups.
Dunayev allegedly provided professional services and technical capabilities between June 2016 and June 2021 to advance the TrickBot program, which was used to deliver ransomware to hospitals, schools and businesses.
Specifically, the defendant developed browser modifications and malicious tools that could obtain and remotely access credentials and sensitive data from compromised machines. He also created programs to prevent TrickBot malware from being detected by legitimate security software.
Another TrickBot developer, Latvian Alla Witte, was sentenced to two years and eight months in prison in June 2023.
News of Dunayev’s sentencing comes days after the Australian, British and US governments imposed financial sanctions on Russian citizen Alexander Ermakov, an affiliate of the REvil ransomware gang, for masterminding the 2022 attack on health insurance company Medibank.
Cybersecurity firm Intel 471 said Ermakov used various online aliases such as blade_runner, GustaveDore, JimJones, aiiis_ermak, GistaveDore, gustavedore, GustaveDore, Gustave7Dore, ProgerCC, SHTAZI and shtaziIT.

Under the JimJones alias, he was also caught trying to recruit unscrupulous penetration testers who would supply login credentials for vulnerable organizations for subsequent ransomware attacks in exchange for $500 per visit and a 5% cut of the ransom proceeds.
“These identifiers are associated with a wide range of cybercriminal activity, including network intrusions, malware development and ransomware attacks,” the company said, providing insight into his cybercriminal history.
“Ermakov has a strong presence on cybercrime forums and plays an active role in the cybercrime-as-a-service economy, both as a buyer and provider, and as a ransomware operator and affiliate. Ermakov also appears to be involved in software development, specifically with companies engaged in the development of legal and criminal software.”