A Russian man named Vladimir Dunaev has been sentenced to more than five years in prison after being found guilty of his involvement in developing the Trickbot malware, which was used to extort businesses, including hospitals, during the COVID pandemic. The United States Justice Department announced the sentencing on Thursday, stating that Dunaev had pleaded guilty to multiple charges, including conspiracy to commit computer fraud and identity theft, as well as conspiracy to commit wire fraud and bank fraud. Dunaev, originally from Amur Oblast, was extradited from South Korea to the United States in 2021.
Dunaev, along with eight other Russians, some of whom are alleged to have links to Russian intelligence services, were indicted in the United States for their involvement in the Trickbot malware. Trickbot, a notorious malware, was taken down in 2022. The Justice Department stated that Dunaev provided “specialized services and technical abilities in furtherance of the Trickbot scheme.” He developed the malicious ransomware that was deployed to attack American hospitals, schools, and businesses, causing immeasurable disruption and financial damage.
According to the indictments, the Trickbot group has been operating since 2016, deploying malware and a ransomware program called Conti to target hundreds of victims across the United States and over 30 other countries. The group not only used the malware for extortion but also stole bank account logins and passwords from victims’ computers to drain money from their accounts. The operation is estimated to have reaped at least $180 million worldwide, according to Britain’s National Crime Agency.
During the 2020-2021 coronavirus pandemic, the Trickbot group specifically targeted hospitals and health care services. They would infiltrate computer systems, encrypt all the data, and demand large sums of money, typically paid in cryptocurrency, to restore the systems. One notable attack occurred in Minnesota, where three medical facilities were impacted, leading to disruptions in their computer networks, telephones, and even a diversion of ambulances.
The consequences of the Trickbot group’s actions were widespread and severe. In July 2020, a local government in a Tennessee town fell victim to an attack, resulting in the lockdown of local emergency medical services and the police department. In May 2021, a California hospital network, Scripps Health, experienced a virtual incursion that locked up the computers of 24 facilities providing acute-care and outpatient services.
Another member of the Trickbot group, Alla Witte, a Latvian national, was extradited from Suriname and pleaded guilty to conspiracy to commit computer fraud. Witte assisted in writing the code for Trickbot and also participated in laundering the proceeds from the ransomware. She was sentenced to two years and eight months in prison.
The sentencing of Vladimir Dunaev serves as a significant milestone in tackling the global issue of cybercrime. The Trickbot malware, developed by Dunaev and his co-conspirators, caused extensive harm to businesses and individuals worldwide, particularly during the COVID pandemic. The severity of their crimes and the financial losses incurred highlight the importance of international cooperation and law enforcement efforts in combating such malicious activities.