Good day everyone,
I hope you are all well and had an excellent weekend, welcome to CryptoGod-1’s blog on all things crypto. In this post I will be looking at the recent news regarding the sentencing of a Russian developer who aided in the Trickbot ransomware which led to the theft of $833 million.
Trickbot Ransomware
The 40-year-old Russian developer of Trickbot ransomware has been given a five-year and four-month prison sentence, according to the United States Department of Justice (DOJ). This was announced in a press release dated the 25th of January 2024, in which the DOJ identified the individual as Vladimir Dunaev from Amur Oblast, Russia. According to court documents, Dunaev provided specialized services and technical expertise in the development of the Trickbot ransomware. This latest development comes almost two months after Dunaev pleaded guilty to committing computer fraud and identity theft, and to conspiracy to commit wire fraud and bank fraud.
The Trickbot ransomware was malicious software used to target the computer networks of hospitals, schools, and millions of businesses. This resulted in substantial financial losses, and the DOJ noted that Dunaev, together with 10 other co-conspirators, caused tens of millions of dollars in damages to these victims. One example given by the DOJ was 10 victims in the Northern District of Ohio, including Avon Schools and a North Canton real estate firm, which lost more than $3.4 million to ransomware deployed via Trickbot. The DOJ noted:
"Hospitals, schools, and businesses were among the millions of TrickBot victims who suffered tens of millions of dollars in losses. While active, Trickbot malware, which acted as an initial intrusion vector into victim computer systems, was used to support various ransomware variants."
The software originated as a banking trojan in 2016, and from there Trickbot evolved into a Swiss Army knife capable of delivering additional payloads, including ransomware. Although efforts were made to take down the botnet, it was absorbed into the Conti ransomware operation in 2022.
The cybercrime group's declared allegiance to Russia during the Russo-Ukrainian war led to a series of leaks dubbed ContiLeaks and TrickLeaks. These were instrumental in shutting down Trickbot in mid-2022, which resulted in its fragmentation into numerous other ransomware and data extortion groups. Dunaev's technical abilities allowed him to provide specialised services to the group, including browser modifications and malicious tools that made it possible to harvest credentials and sensitive data from compromised machines. Remote access was also provided, meaning the group could focus on secretly pilfering money from its target victims and installing malware designed to evade detection by anti-virus scanners.
A Chainalysis report in September 2023 noted how Trickbot facilitated the deployment of several ransomware strains, including Ryuk, Conti, Diavol, and Karakurt. These tools allowed the 'Trickbot crew' to steal $833 million worth of cryptocurrency assets during their operation. Dunaev was initially arrested in 2021 in the Republic of Korea and then extradited to the US to face criminal charges. He pleaded guilty on the 30th of November 2023. Alla Witte, a Latvian national and co-conspirator of Dunaev, has also pleaded guilty to conspiracy to commit computer fraud and was sentenced to two years and eight months in prison in June 2023. Other members of the Trickbot crew are still at large, but the DOJ remains steadfast in its efforts to dismantle the notorious Trickbot cybercriminal syndicate.
A September 2023 press release by the Treasury Department’s Office of Foreign Assets Control (OFAC) noted that it had sanctioned 11 key members of the group, in collaboration with the United Kingdom government.
With the governments of Australia, the U.K., and the U.S. imposing sanctions on Alexander Ermakov, a Russian national and affiliate of the REvil ransomware gang, for his role in the attack against health insurance provider Medibank, it is clear that governments are not taking this threat lightly. Ermakov is known to have used various online aliases, such as blade_runner, GustaveDore, JimJones, aiiis_ermak, GistaveDore, gustavedore, GustaveDore, Gustave7Dore, ProgerCC, SHTAZI, and shtaziIT.
While using the alias JimJones, he attempted to recruit 'unethical penetration testers' to supply login credentials for vulnerable organisations. In return they would be given $500 per access and a 5% cut from the follow-on ransomware attacks. Intel471, a cybersecurity intelligence firm, noted:
"These identifiers are linked to a wide range of cybercriminal activity, including network intrusions, malware development, and ransomware attacks. Ermakov had a robust presence on cybercriminal forums and an active role in the cybercrime-as-a-service economy, both as a buyer and provider and also as a ransomware operator and affiliate. It also appears that Ermakov was involved with a software development company that specialized in both legitimate and criminal software development."
With crypto theft a major issue in the development and adoption of digital assets, Chainalysis has noted that $1.7 billion in crypto assets was stolen during 2023. They also noted how cyber threat groups such as the North Korea-backed Lazarus Group claimed approximately $1 billion of these funds.
While the figure is extremely high, Chainalysis also noted that the $1.7 billion loss is 54.3% lower than the $3.7 billion in crypto losses recorded in 2022. This decline is attributed to enhanced security measures, which have made things more difficult for crypto hackers, along with the decline in value of crypto assets during 2023. It will be interesting to see what figure of stolen funds is reported at the end of 2024, given the rise in value of crypto assets along with the impending bull market.
Have a great day.
Peace. CryptoGod-1.