In the conversations seen by WIRED, Target says the group will “learn to collaborate” with those behind the Ryuk ransomware, indicating that the two organizations are largely separate. That wouldn’t be the only working relationship Trickbot’s team has with outside parties. “Professor, who we believe also goes by the name Alter, seems to be a relatively significant player in terms of managing these specific ransomware deployment operations,” Goody says, “as well as requesting development of specific tools that would help enable those.” She adds that Professor has been linked to Conti ransomware operations in the last year and “appears to lead multiple sub-teams or has multiple team leaders” that report to them. Most of the group’s internal conversations, according to various sources, including US court documents, happen through instant messages on Jabber servers. A gang member going by the moniker Professor oversees much of the ransomware deployment work, Goody says. “There’s a manager who oversees development work, and they have coders that work under them on specific projects.” Members of the group are encouraged to propose ideas, such as new scripts or malware, that developers could work on, Goody says, and generally the lower-level workers don’t talk to their senior colleagues. “There is generally a core team of developers,” Goody explains. Throughout the conversations viewed by WIRED, the group makes various references to “senior managers” working as part of Trickbot and its businesslike structure. “I’m sure that everything will pay off, so I’m not nervous.” “A good team leader has already been hired, and he will help gather the team,” Target continued. And finally, there would be an office for “programmers” and their equipment. “Hacker offices,” where 20-plus people worked, would be used for interviews, equipment, servers, and hiring, Target said. Two offices (“one main and one new for training”) were being used for the current operators’ expenses and expansion.
Messages between Target and Stern show that in mid-2020 the group was spending money on three main areas. “Fuck clinics in the usa this week,” Target said as they gave the instruction to start targeting a list of 428 hospitals. The series of attacks prompted urgent warnings from federal agencies, including the Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation. Their aim: to force hospitals busy responding to the surging Covid-19 pandemic to quickly pay ransoms. And from the ridge immediately the answer flew in,” Target wrote. As Target typed, members of Trickbot were in the middle of launching a huge wave of ransomware attacks against hospitals across the United States. The exchange is included in previously unreported documents, seen by WIRED, that consist of hundreds of messages sent between Trickbot members and detail the inner workings of the notorious hacking group. “You see, how fast, hospitals and centers reply,” Target, a key member of the Russia-linked malware gang, boasted in messages to one of their colleagues. Thousands of miles away, just two days later members of the Trickbot cybercrime group privately gloated over what easy targets hospitals and health care providers make. The downtime at the Minnesota medical facilities was no technical glitch; reports quickly linked the activity to one of Russia’s most notorious ransomware gangs. One local volunteer-run fire department said ambulances were being diverted to other hospitals; officials reported patients and staff were safe. When the phones and computer networks went down at Ridgeview Medical Center’s three hospitals on October 24, 2020, the medical group resorted to a Facebook post to warn its patients about the disruption.