Slashdot reader Charlotte Web summarizes a Department of Justice press release: The U.S. Department of Justice says “millions” of computers around the world were infected with the Trickbot malware, which was used “to harvest banking credentials and deliver ransomware.”
In February they arrested a 55-year-old woman in Miami, Florida, saying she and her associates “are accused of infecting tens of millions of computers worldwide, in an effort to steal financial information to ultimately siphon off millions of dollars through compromised computer systems,” according to Special Agent in Charge Eric B. Smith of the FBI’s Cleveland Field Office. In October ZDNet was calling Trickbot “one of today’s largest malware botnets and cybercrime operations.”
Yesterday that woman — Alla Witte, aka “Max” — was arraigned in federal court in Cleveland, Ohio. According to the indictment, Witte worked as a malware developer for the Trickbot Group and wrote code related to the control, deployment, and payments of ransomware.
From the Department of Justice announcement:
The ransomware informed victims that their computer was encrypted, and that they would need to purchase special software through a Bitcoin address controlled by the Trickbot Group to decrypt their files. In addition, Witte allegedly provided code to the Trickbot Group that monitored and tracked authorized users of the malware and developed tools and protocols to store stolen login credentials… Witte and her co-conspirators allegedly worked together to infect victim computers with the Trickbot malware designed to capture online banking login credentials and harvest other personal information, including credit card numbers, emails, passwords, dates of birth, social security numbers and addresses. Witte and others also allegedly captured login credentials and other stolen personal information to gain access to online bank accounts, execute unauthorized electronic funds transfers and launder the money through U.S. and foreign beneficiary accounts…
If convicted, Witte faces a maximum penalty of 30 years in prison for conspiracy to commit wire and bank fraud; 30 years in prison for each substantive bank fraud count; a two-year mandatory sentence for each aggravated identity theft count, which must be served consecutively to any other sentence; and 20 years in prison for conspiracy to commit money laundering.
The indictment alleges that “beginning in November 2015, Witte and others stole money and confidential information from unsuspecting victims, including businesses and their financial institutions in the United States, United Kingdom, Australia, Belgium, Canada, Germany, India, Italy, Mexico, Spain, and Russia through the use of the Trickbot malware.” The AP reports the group is now accused of targeting high-reward victims which included hospitals, schools, public utilities, and governments, as well as real estate and law firms and country clubs.
Interestingly, this case is part of the U.S. Department of Justice’s “Ransomware and Digital Extortion Task Force,” with its Criminal Division working with the U.S. Attorneys’ Offices and prioritizing the disruption, investigation, and prosecution of ransomware “by tracking and dismantling the development and deployment of malware, identifying the cybercriminals responsible, and holding those individuals accountable for their crimes,” according to the department’s statement. “The department, through the Task Force, also strategically targets the ransomware criminal ecosystem as a whole and collaborates with domestic and foreign government agencies as well as private sector partners to combat this significant criminal threat.”
“These charges serve as a warning to would-be cybercriminals,” said Deputy Attorney General Lisa O. Monaco, “that the Department of Justice, through the Ransomware and Digital Extortion Task Force and alongside our partners, will use all the tools at our disposal to disrupt the cybercriminal ecosystem.”