Russian Cybercriminal Sentenced to Over Five Years in Prison for Trickbot Malware
A Russian national has been handed a prison sentence of more than five years for his involvement in the development and deployment of the notorious Trickbot malware, which targeted businesses, including hospitals, during the height of the Covid-19 pandemic. The United States Department of Justice made this announcement on Thursday.
Vladimir Dunaev, aged 40, who was extradited from South Korea to the United States in 2021, had previously pleaded guilty in November to charges of conspiracy to commit computer fraud and identity theft, as well as conspiracy to commit wire fraud and bank fraud.
Dunaev, originally from Amur Oblast, has been sentenced to a total of five years and four months in prison. This verdict was handed down by a judge in the midwestern state of Ohio, according to a statement issued by the Justice Department.
Dunaev was among a group of nine Russian individuals, some of whom are suspected of having ties to Russian intelligence agencies, who were indicted in the United States for their roles in the Trickbot operation, which was dismantled in 2022.
The Justice Department’s investigation revealed that Dunaev provided specialized services and technical expertise in furtherance of the Trickbot scheme. His involvement included the development and deployment of malicious ransomware that targeted American hospitals, schools, and businesses.
US Attorney Rebecca Lutzko commented on the case, stating, “He and his co-defendants caused immeasurable disruption and financial damage, maliciously infecting millions of computers worldwide.”
The Trickbot group, since 2016, had been deploying malware and a related ransomware program known as Conti to launch attacks on numerous targets within the United States and over 30 other countries. Their activities also extended to stealing bank account login credentials and passwords, with the intention of siphoning funds from victimized accounts.
According to Britain’s National Crime Agency, this operation generated a minimum of $180 million in illicit gains on a global scale. Particularly alarming was the group’s focus on hospitals and healthcare services during the Covid-19 pandemic, where they would compromise computer systems, encrypt data, and demand substantial ransoms, often amounting to millions of dollars, to restore access to the affected systems. Payments were typically made in cryptocurrency.
US officials cited examples of their attacks, including one that disrupted the computer networks and telephones of three medical facilities in Minnesota, leading to ambulance diversions. In July 2020, a local government in a Tennessee town fell victim to an attack that paralyzed local emergency medical services and the police department. In May 2021, a virtual incursion targeted California’s Scripps Health, impacting the computer systems of 24 medical facilities.
Another member of the Trickbot group, Alla Witte, a Latvian national, had previously pleaded guilty to conspiracy to commit computer fraud. She was extradited from Suriname, where she had played a role in coding for Trickbot and laundering ransomware proceeds. Witte has been sentenced to two years and eight months in prison.
This sentencing sends a strong message that cybercriminals involved in high-profile attacks will face significant consequences for their actions, serving as a deterrent to those engaged in similar illicit activities.