{"id":135087,"date":"2022-02-02T05:22:20","date_gmt":"2022-02-02T13:22:20","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2022\/02\/inside-trickbot-russias-notorious-ransomware-gang"},"modified":"2022-02-02T05:22:20","modified_gmt":"2022-02-02T13:22:20","slug":"inside-trickbot-russias-notorious-ransomware-gang","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2022\/02\/inside-trickbot-russias-notorious-ransomware-gang","title":{"rendered":"Inside Trickbot, Russia\u2019s Notorious Ransomware Gang"},"content":{"rendered":"

<\/a><\/p>\n

Despite the arrests and wider ransomware crackdowns in Russia, the Trickbot group has not exactly gone into hiding. Toward the end of last year, the group boosted its operations<\/a>, says Limor Kessem, an executive security advisor at IBM Security. \u201cThey\u2019re trying to infect as many people as possible by contracting out the infection,\u201d she says. Since the start of 2022, the IBM security team has seen Trickbot increase its efforts to evade security protections and conceal its activity<\/a>. The FBI also formally linked the use of the Diavol ransomware to Trickbot at the beginning of the year. \u201cTrickbot doesn\u2019t seem to be targeting very specifically; I think what they have is numerous affiliates working with them, and whoever brings the most money is welcome to stay,\u201d Limor says.<\/p>\n

Holden too says he has seen evidence that Trickbot is ramping up its operations. \u201cLast year they invested more than $20 million into their infrastructure and growth of their organization,\u201d he explains, citing internal messages he has seen. This money, he says, is being spent on everything Trickbot does. \u201cStaffing, technology, communications, development, extortion\u201d are all getting extra investment, he says. The move points to a future where\u2014after the takedown of REvil\u2014the Trickbot group may become the primary Russia-linked cybercrime gang. \u201cYou expand in the hope of getting that money back in spades,\u201d Holden says. \u201cIt\u2019s not like they are planning to close the shop. It\u2019s not like they are planning to downsize or run and hide.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"

Despite the arrests and wider ransomware crackdowns in Russia, the Trickbot group has not exactly gone into hiding. Toward the end of last year, the group boosted its operations, says Limor Kessem, an executive security advisor at IBM Security. \u201cThey\u2019re trying to infect as many people as possible by contracting out the infection,\u201d she says. [\u2026]<\/p>\n","protected":false},"author":396,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34,20],"tags":[],"class_list":["post-135087","post","type-post","status-publish","format-standard","hentry","category-cybercrime-malcode","category-futurism"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/135087","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/396"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=135087"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/135087\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=135087"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=135087"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=135087"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}