Trickbot, Conti Ransomware Operator Unmasked Amid Huge Ops Leak
An anonymous whistleblower has leaked large amounts of data tied to the alleged operator behind Trickbot and Conti ransomware.
TrickBot is malware associated with cyber incidents, with reporting on its analysis, infrastructure, disruption efforts, and defensive guidance.
Search across headline titles and summaries.
Background for this topic.
TrickBot is a modular Windows malware family first identified as a banking Trojan in 2016. Its modules have supported theft of credentials and other sensitive information, system discovery, and remote control. In documented campaigns, operators also used TrickBot as an access and payload-delivery component, including before ransomware activity; those associations do not mean every TrickBot infection leads to ransomware.
Reporting commonly covers TrickBot’s modules, command-and-control infrastructure, changing delivery mechanisms, and efforts to disrupt its operations. For defenders, an alert should prompt investigation beyond the initially infected host: isolate it, examine authentication and endpoint telemetry for credential theft or lateral activity, and reset exposed credentials from a trusted system. Keeping operating systems and internet-facing software patched, restricting administrative access, and monitoring unusual outbound connections can reduce the opportunity for follow-on activity. Threat-intelligence indicators are useful for detection, but should be combined with behavioral evidence because the malware and its infrastructure have changed over time.
Weekly headline count for the current query.
An anonymous whistleblower has leaked large amounts of data tied to the alleged operator behind Trickbot and Conti ransomware.
'It's a high-stakes intelligence war' he told El Reg exclusive A mystery whistleblower calling himself GangExposed has exposed key figures behind the Conti and Trickbot ransomware crews, publishing a trove of internal files and naming names.…
The Federal Criminal Police Office of Germany (Bundeskriminalamt or BKA) claims that Stern, the leader of the Trickbot and Conti cybercrime gangs, is a 36-year-old Russian named Vitaly Nikolaevich Kovalev. [...]
Law enforcement agencies in the United States and Europe today announced Operation Endgame, a coordinated action against some of the most popular cybercrime platforms for delivering ransomware and data-stealing malware. Dubbed "the largest ever operation against botnets," the international effort is being billed as the opening salvo in an ongoing campaign targeting advanced malware "droppers" or "loaders" like IcedID, Smokeloader and Trickbot.
Europol on Thursday said it shut down the infrastructure associated with several malware loader operations such as IcedID, SystemBC, PikaBot, SmokeLoader, Bumblebee, and TrickBot as part of a coordinated law enforcement effort codenamed Operation Endgame
An international law enforcement operation codenamed 'Operation Endgame' has seized over 100 servers worldwide used by multiple major malware loader operations, including IcedID, Pikabot, Trickbot, Bumblebee, Smokeloader, and SystemBC. [...]
An international law enforcement operation codenamed 'Operation Endgame' has seized over 100 servers worldwide used by multiple major malware loader operations, including IcedID, Pikabot, Trickbot, Bumblebee, Smokeloader, and SystemBC. [...]
40-year-old Russian national Vladimir Dunaev has been sentenced to five years and four months in prison for his role in creating and distributing the TrickBot malware, the U.S. Department of Justice (DoJ) said
Rest of the crew still at large A former Trickbot developer has been sent down for five years and four months for his role in infecting American hospitals and businesses with ransomware and other malware, costing victims tens of millions of dollars in losses.…
Vladimir Dunaev Acknowledged Acting 'Recklessly' in Working for Cybercriminal GroupA U.S. federal judge sentenced a Russian national to five years and four months in prison for his role in developing TrickBot malware. Vladimir Dunaev, 40, pleaded guilty in December. Dunaev helped develop the malware "while hiding behind his computer," U.S. Attorney Rebecca Lutzko said.
Russian national Vladimir Dunaev has been sentenced to five years and four months in prison for his role in creating and distributing the Trickbot malware used in attacks against hospitals, companies, and individuals worldwide. [...]
40-year-old was extradited from South Korea
A Russian national has been found guilty in connection with his role in developing and deploying a malware known as TrickBot, the U.S. Department of Justice (DoJ) announced
Vladimir Dunaev Faces Up to 35 Years in PrisonA Russian national pleaded guilty in U.S. federal court for his role in developing TrickBot. Operators of the malware targeted hospitals and healthcare centers with ransomware attacks during the height of the novel coronavirus pandemic. Vladimir Dunaev faces up to 35 years in prison.
On Thursday, a Russian national pleaded guilty to charges related to his involvement in developing and deploying the Trickbot malware, which was used in attacks against hospitals, companies, and individuals in the United States and worldwide. [...]
Hunt continues for the other elusive high-ranking members Another member of the Trickbot malware crew now faces a lengthy prison sentence amid US law enforcement's ongoing search for its leading members.…
It started as a slow ransomware news week but slowly picked up pace with the Department of Justice announcing indictments on TrickBot and Conti operations members. [...]
The U.K. and U.S. governments on Thursday sanctioned 11 individuals who are alleged to be part of the notorious Russia-based TrickBot cybercrime gang
US Treasury officials said the sanctions move is part of its effort to combat Russian state-sponsored cybercrime.
Discover what the increased regulatory risk due to recent US and UK sanctions imposed on TrickBot and Conti cybercriminals mean for CISOs and board members.