The US Department of Justice has charged a Latvian woman for her role in allegedly developing the Trickbot malware, which was responsible for infecting millions of computers, targeting schools, hospitals, public utilities, and governments, the agency said in a news release.
The DOJ alleges that Alla Witte was part of a criminal organization known as the Trickbot Group that operated in Russia, Belarus, Ukraine, and Suriname. She allegedly helped develop the malware which was used to enable ransomware demands and payments. Victims would receive a notice that their computers were encrypted, the DOJ said, and were directed to buy special software through a bitcoin address linked to the Trickbot Group to have their files decrypted.
According to the DOJ, the Trickbot malware was designed to capture online banking login credentials to gain access to other personal information including credit card numbers, emails, passwords, Social Security numbers, and addresses. The group allegedly used stolen personal information “to gain access to online bank accounts, execute unauthorized electronic funds transfers and launder the money through U.S. and foreign beneficiary accounts,” the DOJ said.
Federal law enforcement agencies warned hospitals and healthcare providers last October of a credible ransomware threat by attackers using Trickbot to deploy ransomware such as Ryuk and Conti.
Witte was arrested February 6th in Miami. She is charged with 19 counts including conspiracy to commit computer fraud and aggravated identity theft, conspiracy to commit wire and bank fraud affecting a financial institution, aggravated identity theft, and conspiracy to commit money laundering.
