YOUNGSTOWN, Ohio (WKBN) — Several people have been indicted across three federal jurisdictions for cyber crimes involving foreign nationals who targeted some local entities.

A federal grand jury in the Northern District of Ohio returned an indictment charging nine people, all Russian nationals, with conspiring to use the Trickbot malware to steal money and personal and confidential information from victims, including businesses, banks and other entities in the U.S. and around the world, beginning in November 2015.

The case was filed in federal court in Youngstown because there are local victims.

The defendants are:

  • Maksim Galochkin, aka Bentley
  • Maksim Rudenskiy, aka Buza
  • Mikhail Mikhailovich Tsarev, aka Mango
  • Andrey Yuryevich Zhuykov, aka Defender
  • Dmitry Putilin, aka Grad and Staff
  • Sergey Loguntsov, aka Begemot
  • Zulas; Max Mikhaylov, aka Baget
  • Valentin Karyagin, aka Globus
  • Maksim Khaliullin, aka Maxfax, Maxhax and Kagas

Businesses and other entities were targeted using “spoof” websites and “Trickbots,” according to the indictment.

“The Justice Department has taken action against individuals we allege developed and deployed a dangerous malware scheme used in cyberattacks on American school districts, local governments, and financial institutions,” said Attorney General Merrick B. Garland. “Separately, we have also taken action against individuals we allege are behind one of the most prolific ransomware variants used in cyberattacks across the United States, including attacks on local police departments and emergency medical services.”

Trickbot malware was taken down in 2022, but while active, it acted as an initial pathway into victim computer systems, and was used to support various ransomware variants, including “Conti.”

“Conti” was a ransomware variant used to attack more than 900 victims worldwide, including victims in approximately 47 states, the District of Columbia, Puerto Rico, and approximately 31 foreign countries.

According to the FBI, in 2021, Conti ransomware was used to attack more critical infrastructure victims than any other ransomware variant. 

Indictments were also filed in the Middle District of Tennessee and the Southern District of California.