CyberSecurityBoard
Sponsor Register Login

Ransomware Groups Using TrickBot Malware to Exfiltrate US$724 Million in Cryptocurrency

This multi-stage approach enables operators to customize their attacks based on the value and accessibility of compromised systems, ultimately leading to the deployment of ransomware payloads that facilitate the massive cryptocurrency extortion campaigns observed by security researchers. The TrickBot malware family has emerged as a central component in a massive cryptocurrency extortion scheme, with ransomware-as-a-service (RaaS) groups leveraging this versatile banking trojan to facilitate attacks worth over US$724 million in cryptocurrency. These scheduled tasks serve as persistence mechanisms, ensuring the malware maintains its foothold within compromised systems even after system reboots or security interventions. The current threat landscape shows ransomware groups continuously evolving their extortion tactics, with quadruple extortion representing the newest approach while double extortion remains the most prevalent method. These groups have weaponized the malware’s extensive capabilities, using it not only for initial access but also as a platform for deploying secondary payloads and maintaining persistent access to compromised networks. Akamai analysts identified the malware’s presence across multiple customer environments, observing four distinct malicious scheduled tasks deployed across five separate customer assets. These scheduled tasks are configured to launch TrickBot components during system startup or at specific time intervals, ensuring continuous operation. TrickBot, originally designed as a banking trojan, has transformed into a multi-purpose tool utilized by various ransomware operators including Black Basta and FunkSec. The cybersecurity landscape continues to evolve as ransomware groups adopt increasingly sophisticated tactics to maximize their financial gains. The malware typically creates tasks with names designed to appear legitimate, often mimicking system processes or common software update routines.

This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 31 Jul 2025 20:30:34 +0000


Cyber News related to Ransomware Groups Using TrickBot Malware to Exfiltrate US$724 Million in Cryptocurrency

10 Best Ransomware Protection Tools - 2025 - It protects devices from ransomware and other cyber threats using advanced threat intelligence, behavioral analysis, and cloud-based technology. It monitors and prevents ransomware assaults on personal files and automatically restores encrypted ...
10 months ago Cybersecuritynews.com
TrickBot malware dev pleads guilty, faces 35 years in prison - On Thursday, a Russian national pleaded guilty to charges related to his involvement in developing and deploying the Trickbot malware, which was used in attacks against hospitals, companies, and individuals in the United States and worldwide. ...
2 years ago Bleepingcomputer.com
US readies prison cell for another Russian Trickbot dev The Register - Another member of the Trickbot malware crew now faces a lengthy prison sentence amid US law enforcement's ongoing search for its leading members. Russian national Vladimir Dunaev, 40, faces a maximum sentence of 35 years in prison for his involvement ...
2 years ago Go.theregister.com Wizard Spider
10 Best Ransomware File Decryptor Tools in 2025 - Kaspersky Rakhni Decryptor contains different decryption tools based on various versions of Rakhni ransomware and helps you decrypt encrypted files on your system. PyLocky Ransomware Decryption Tool is a free and open source developed and released by ...
8 months ago Cybersecuritynews.com
Ransomware Groups Using TrickBot Malware to Exfiltrate US$724 Million in Cryptocurrency - This multi-stage approach enables operators to customize their attacks based on the value and accessibility of compromised systems, ultimately leading to the deployment of ransomware payloads that facilitate the massive cryptocurrency extortion ...
4 months ago Cybersecuritynews.com Black Basta
Trickbot malware developer sentenced to 5 years behind bars The Register - A former Trickbot developer has been sent down for five years and four months for his role in infecting American hospitals and businesses with ransomware and other malware, costing victims tens of millions of dollars in losses. Vladimir Dunaev, of ...
1 year ago Go.theregister.com
Russian TrickBot Malware Developer Pleaded Guilty - Vladimir Dunaev, a resident of Amur Blast and aged 40, has confessed to creating and distributing Trickbot malware. The purpose of the malware was to launch cyberattacks against various American hospitals and companies. Trickbot has a collection of ...
1 year ago Gbhackers.com
Russian developer of Trickbot malware pleads guilty, faces 35-year sentence - A Russian national pleaded guilty in federal court in Cleveland on Thursday to charges related to his involvement in developing and deploying the malicious software known as Trickbot. He faces a maximum penalty of 35 years, the U.S. Department of ...
2 years ago Therecord.media
Russian TrickBot Malware Developer Sentenced to Prison in US - A Russian national has been sentenced in the US to five years and four months in prison for his role in the development and distribution of the TrickBot malware. On November 30, 2023, the man, Vladimir Dunaev, 40, of Amur Oblast, Russia, admitted in ...
1 year ago Securityweek.com
Trickbot Malware Developer Pleads Guilty - A 40-year-old Russian national, Vladimir Dunaev, pleaded guilty for developing and deploying Trickbot malware. Trickbot, a suite of malware tools, targeted hospitals and businesses, causing millions in losses. Trickbot is a sophisticated modular ...
2 years ago Gbhackers.com
Russian Pleads Guilty to Role in Developing TrickBot Malware - A Russian national has admitted to his role in developing and using the notorious TrickBot malware. Vladimir Dunaev, 40, pleaded guilty to his involvement in the development and deployment of the TrickBot malware, which was used in cyberattacks ...
2 years ago Securityweek.com
6 Ransomware Trends & Evolutions For 2023 - More than any other industry, cybersecurity is constantly changing. The number of major paradigm shifts that have transformed the world of cybersecurity in the past few years has been unprecedented, especially when it comes to combating ransomware. ...
2 years ago Trendmicro.com TeamTNT
1 1
How Businesses Can Manage Cryptocurrency Fraud - With cryptocurrency payments on the rise, businesses must learn how to safeguard against potential risks. Businesses across the US are seeking innovative payment methods, with an estimated 75% of retailers looking to embrace cryptocurrency payment ...
1 year ago Cyberdefensemagazine.com
The Top 10 Ransomware Groups of 2023 - This article takes an in-depth look at the rise in ransomware attacks over the past year and the criminal groups driving the surge in cyber extortion. LockBit has established itself as one of the most notorious ransomware operations since emerging on ...
1 year ago Securityboulevard.com TA505 8base LockBit BianLian Medusa Noescape Black Basta
Penalties Imposed on Individuals Involved in TrickBot and Conti Ransomware Activities by the US and UK - Today, the United States and the United Kingdom have taken action against seven Russian individuals for their involvement in the TrickBot cybercrime group. This group is responsible for developing malware such as TrickBot, BazarBackdoor, Anchor, and ...
2 years ago Bleepingcomputer.com
Hive Ransomware: A Detailed Analysis - This past week, on January 26th, to be exact, the FBI successfully shut down the Hive ransomware group and saved victims over a hundred million dollars in ransom payments and remediation costs. As ransomware continues to be a national security threat ...
2 years ago Heimdalsecurity.com LockBit
How to Extract Malware Configurations in a Sandbox - The most sought-after source of these indicators is malware configurations. Malware Sandboxing Leader ANY.RUN handles the heavy lifting of phishing and malware analysis for SOC and DFIR teams and also helps 300,000 professionals use the platform to ...
1 year ago Gbhackers.com
Ransomware trends and recovery strategies companies should know - Ransomware attacks can have severe consequences, causing financial losses, reputational damage, and operational disruptions. The methods used to deliver ransomware vary, including phishing emails, malicious websites, and exploiting vulnerabilities in ...
2 years ago Helpnetsecurity.com
Ransomware in 2024: Anticipated impact, targets, and landscape shift - As ransomware continues to be on the rise, we can expect groups to continue to evolve their attacks and operate at a larger scale for bigger profits. Here is what we can expect the ransomware landscape to look like in 2024. In 2024, we'll see more ...
2 years ago Helpnetsecurity.com LockBit
Medusa Ransomware Turning Your Files into Stone - Unit 42 Threat Intelligence analysts have noticed an escalation in Medusa ransomware activities and a shift in tactics toward extortion, characterized by the introduction in early 2023 of their dedicated leak site called the Medusa Blog. The Unit 42 ...
1 year ago Unit42.paloaltonetworks.com Medusa
Cisco Talos Report: New Trends in Ransomware, Network Infrastructure Attacks, Commodity Loader Malware - The Cisco Talos Year in Review report released Tuesday highlights new trends in the cybersecurity threat landscape. We'll focus on three topics covered: the ransomware cybercriminal ecosystem, network infrastructure attacks and commodity loader ...
2 years ago Techrepublic.com LockBit
Waiting for the BlackCat rebrand - We saw another ransomware operation shut down this week after first getting breached by law enforcement and then targeting critical infrastructure, putting them further in the spotlight of the US government. While the Tor onion domain seizure was a ...
1 year ago Bleepingcomputer.com Medusa Cuba STORMOUS
Chainalysis observes decrease in cryptocurrency crime in 2023 - While the ransomware market is rising and cybercriminals continue to rack up bitcoin payments, illicit cryptocurrency activity is declining, according to new research from Chainalysis. Funds sent to illicit cryptocurrency addresses dropped from $39.6 ...
1 year ago Techtarget.com Rocke
Navigating Ransomware: Securin's Insights and Analysis from 2023 - As ransomware attackers continue to evolve and adapt their techniques, organizations must refine and adapt their security strategies to stay ahead of these threats. Human-augmented, actionable threat intelligence plays a critical role in every ...
1 year ago Cybersecurity-insiders.com FIN8 Scattered Spider LockBit
The Week in Ransomware - Governments struck back this week against members of ransomware operations, imposing sanctions on one threat actor and sentencing another to prison. On Tuesday, the Australian, US, and UK governments announced sanctions against Aleksandr Gennadievich ...
1 year ago Bleepingcomputer.com LockBit BianLian Akira Cactus

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)