The worldwide scourge of cybercrime has reached new heights with the recent indictment of nine individuals by the US Justice Department. This notorious cybercriminal network, with alleged connections to Russian intelligence, has targeted hospitals in the US, wreaking havoc and amassing over $100 million in ransom payments.

Efforts to dismantle this criminal operation have been underway for years, led by the FBI. Their investigation reveals a group that not only targeted hospitals but also pledged allegiance to Russia during the assault on Ukraine. Shockingly, these criminals even discussed hacking a journalist who was investigating the poisoning of Kremlin critic Alexey Navalny.

The nine indicted individuals, comprising eight Russians and a Ukrainian, are currently at large. However, US officials are hopeful that a rewards program initiated by the State Department, offering multimillion-dollar incentives, may encourage individuals with information to come forward once these cybercriminals leave the safety of Russia.

“The offer has proven to be highly valuable to us and our operations against cybercriminals,” reveals a senior FBI official.

To further cripple the network, the Treasury Department has imposed sanctions, severing the individuals’ access to the US dollar.

This latest move is part of a broader campaign by the US and its allies to disrupt ransomware gangs that have targeted schools and healthcare providers in Russia and Eastern Europe. However, cooperation from the Russian government has been non-existent, leaving the US Justice Department to rely on public exposure of the hackers’ tactics and seizing their computer infrastructure when hosted by Western tech firms. The hope remains that these cybercriminals will unknowingly travel to countries willing to extradite them to face justice in the US.

Despite the slim odds of arrest, the US has managed to apprehend several accused Russian hackers, including one who received a nine-year prison sentence for his involvement in a $93 million securities trading scheme.

US officials have considered these alleged Russian hackers as potential bargaining chips for prisoner swap negotiations, in hopes of securing the release of Americans detained in Russia.

The nine individuals indicted used two types of hacking tools associated with Russian-speaking cybercriminals: TrickBot and Conti. TrickBot was used to initially breach the victims’ systems, while Conti was employed to lock their computers and demand exorbitant ransoms. These tools, which overlap in terms of personnel, have caused extensive damage to organizations worldwide, including nearly 300 in the US alone.

The impact of the Conti ransomware is evident in the colossal $180 million in ransom payments it has generated, according to UK officials who also imposed sanctions on some of the alleged cybercriminals behind it.

In a shocking turn of events, the Conti gang openly voiced its support for the Russian government during its attack on Ukraine. In response, a Ukrainian cybersecurity researcher retaliated by leaking internal documents that implicated the Conti operatives’ links with the Russian government.

While the use of Conti code has slowed down in recent ransomware attacks, it does not indicate a decline in the activities of these hackers. “Conti went away, but the actors didn’t necessarily,” admits the senior FBI official.

The current whereabouts of the nine newly indicted individuals remain unknown, and the FBI is unwilling to divulge details on how they track these cybercriminals. One thing is clear: this investigation is far from over.

