Russian Cybercrime Gang Trickbot Sanctioned by US, UK

According to Chainalysis, Trickbot is the second-highest earning cybercrime group, and has extorted at least $724 million in crypto.

AccessTimeIconFeb 9, 2023 at 9:56 p.m. UTC
Updated Feb 9, 2023 at 10:29 p.m. UTC

The U.S. and U.K. issued joint sanctions on Thursday against seven members of the infamous Russian cybercrime group Trickbot.

Though the U.S. has previously moved against Russian cyber criminals, the Trickbot sanctions are the first of their kind for the U.K. A press release issued by the British government on Thursday said that the Trickbot sanctions were part of “the first wave of a new coordinated action against international cyber crime.”

Trickbot is a notorious Russian cybercrime gang with close ties to Russian intelligence services. According to the U.S Treasury Department, Trickbot has been coordinating its attacks to align with “Russian state objectives,” including carrying out attacks on the U.S. government. During the COVID-19 pandemic Trickbot targeted hospitals and other medical facilities with ransomware attacks.

The group’s attacks are lucrative. According to Chainalysis data, Trickbot has raked in at least $724 million in crypto, making it the second-largest cybercrime gang by profit, coming only behind North Korea’s Lazarus Group.

The members of the Trickbot group that have been sanctioned vary from senior leadership to low-level administrators. Each has been added to the Treasury Department’s Office of Foreign Assets Control (OFAC) list of Specially Designated Nationals and Blocked Persons (SDN). The sanctioned members will also have certain assets frozen and travel bans imposed.

Vitaly Kovalev, also known as “Bentley” or “Ben,” is thought to be a senior leader in the Trickbot group with a history of cybercrime that pre-dates his involvement in the gang.

Other members sanctioned include Maksim Mikhailov, a developer known as “Baget;” Valentin Karyagin, a developer known as “Globus;” Mikhail Iskritskiy, an alleged money launderer for the group known as “Tropa;” Dmitry Pleshevskiy, a coder known as “Iseldor;” Ivan Vakhromeyev, a manger known as “Mushroom;” and Valery Sedleski, an administer known as “Strix.”


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.

CoinDesk - Unknown

Cheyenne Ligon is a CoinDesk news reporter with a focus on crypto regulation and policy. She has no significant crypto holdings.

Learn more about Consensus 2024, CoinDesk’s longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to to register and buy your pass now.