The US Department of Justice has charged a Latvian woman for her alleged role in developing the Trickbot malware, which was responsible for infecting millions of computers, targeting schools, hospitals, public utilities, and governments.
After being arrested on February 6 in Miami, Florida, Alla Witte (aka Max) was charged with 19 counts of a 47-count indictment.
The DOJ said in a press release, Witte created the code used by Trickbot malware to control, launch, and manage ransomware payments.
Witte is also said to have given the Trickbot Group the code required to track and monitor approved malware users and the tools and protocols needed to store login credentials obtained from victims' networks.
The FBI's Cleveland Office and the Department of Justice's Ransomware and Digital Extortion Task Force investigated the case, which was formed to combat the rising number of ransomware and digital extortion attacks.
FBI special agent Eric B. Smith said. In a statement, "Witte and her associates are accused of infecting tens of millions of computers worldwide, in an effort to steal financial information to ultimately siphon off millions of dollars through compromised computer systems.
Trickbot is a malware variant that was first discovered in October 2016 as a modular banking trojan and has subsequently been updated with new modules and capabilities.
Microsoft and many partners reported on October 12 that they had taken down certain Trickbot C2s. Before the presidential election, the US Cyber Command apparently tried to destroy the botnet by sending infected devices a configuration file that cut them off from the botnet's C2 servers.
Despite these concerted attacks on TrickBot's infrastructure, the TrickBot gang's botnet remains alive, and new malware builds are continually being released.
The TrickBot gang is renowned for spreading the ransomware Ryuk and Conti onto the networks of valuable business targets.
According to Deputy Attorney General Lisa O. Monaco, Trickbot penetrated millions of victim computers throughout the world, harvesting banking information and delivering ransomware.
"The Trickbot malware was designed to steal the personal and financial information of millions of people around the world, thereby causing extensive financial harm and inflicting significant damage to critical infrastructure within the United States and abroad," Acting US Attorney Bridget M. Brennan of the Northern District of Ohio added.