The malware gang behind the Trickbot ransomware exploits, also known as Conti, faces a new series of charges by both the U.S. and the U.K. governments.

The charges, filed yesterday, reveal the actual identities of the criminals, who will probably never see a courtroom, let alone a prison, anywhere in the world. Nevertheless, they represent a continued law enforcement effort to bring international cyber criminals to justice and disrupt their operations.

Earlier this year, seven Russian nationals received sanctions for activities going back to 2016 that began with a huge botnet designed to steal banking credentials and eventually moved into cryptocurrency thefts. “Trickbot has since evolved into a highly modular malware suite that enables a variety of malicious cyber activities, including ransomware,” according to the U.S. Justice Department blog post describing the operation. This week’s legal actions named 11 new individuals in an indictment unsealed by the DOJ, some of whom are shown below.

The new crowd are all Russian nationals and had various roles in the enterprise, including software developers, payment administrators, several midlevel managers and Andrey Zhuykov, who was identified as “a central actor and senior administrator in the group.”

The group was estimated to have stolen at least £27 million from 149 U.K. victims, and an additional $800 million elsewhere around the globe.

“These criminals thought they were untouchable, but our message is clear: we know who you are and, working with our partners, we will not stop in our efforts to bring you to justice,” said Rob Jones, the U.K. National Crime Agency’s director general of operations.

All of the group’s members are now subject to a variety of legal restrictions including travel bans and asset freezes, along with checks to block any transactions that might appear in legitimate global financial networks.

The members charged this week and earlier this year have dual identities in the Conti and Trickbot criminal organizations. Conti was taken down last year, but these members continued to operate. One of its ransomware calling cards was Qakbot, which was taken down by the FBI late last month.

Photo: UK NCA