Russian Developer Of Trickbot Malware Sentenced To Five Years In U.S.

A Russian national has been sentenced to five years and four months in prison for his involvement in malicious software known as Trickbot used in ransomware attacks on U.S. hospitals, schools, and businesses, the U.S. Justice Department said on January 25.

The department said the sentence was handed down on January 24 to Vladimir Dunayev, 40, who has been in U.S. custody since 2021 after being extradited from South Korea. Dunayev pleaded guilty in November to conspiracy to commit computer fraud, identity theft, and other charges.

Trickbot acted as an initial "intrusion vector" into victim computer systems and was then used to support various ransomware variants, the Justice Department said in a news release.

“Hospitals, schools, and businesses were among the millions of Trickbot victims who suffered tens of millions of dollars in losses,” the department said.

The Trickbot group, which was active from November 2015 through August 2020, operated in Russia, Belarus, Ukraine, and Suriname, according to the Justice Department.

During Dunayev’s participation, 10 victims in the U.S. state of Ohio were defrauded of more than $3.4 million after Trickbot enabled the deployment of ransomware, the Justice Department said.

U.S. Attorney Rebecca C. Lutzko for the Northern District of Ohio said Dunayev and his co-defendants caused “immeasurable disruption and financial damage, maliciously infecting millions of computers worldwide.”

One of Dunayev’s co-defendants, Alla Witte, a Latvian national, pleaded guilty to conspiracy to commit computer fraud and was sentenced to two years and eight months in prison. She was arrested in February 2021 in Florida and charged with several cybercrimes.

The original indictment alleged that Dunayev and six other people “stole money, confidential information, and damaged computer systems from unsuspecting victims, including individuals, financial institutions, school districts, utility companies, government entities, and private businesses.”

It alleged that Dunayev performed a variety of developer functions in support of the Trickbot malware, “including managing the malware’s execution, developing popular browser modifications, and helping to conceal the malware from detection by security software.”

The malware is typically spread through e-mail campaigns that entice an individual to open a malicious file attachment or click on a link that leads to a malicious file.

Dunayev, originally from the Amur region in Russia's Far East, is one of dozens of ethnic Russians extradited from third countries to the United States since 2011 to face hacking charges. Russia does not turn over its own citizens to foreign law enforcement.