Latvian national accused of playing a role in a transnational organization fighting against cybercrime | Takeover bid
A Latvian national was brought to justice today in federal court in Cleveland, Ohio, on several counts relating to her alleged role in a transnational cybercrime organization responsible for creating and deploying a Computer banking Trojan horse and a ransomware malware suite known as “Trickbot”.
Alla Witte, alias Max, 55, is charged with 19 counts out of 47 counts, accusing her of participating in a criminal organization called the “Trickbot Group”, which deployed the Trickbot malware. The Trickbot Group operated in Russia, Belarus, Ukraine, and Suriname, and primarily targeted victim computers owned by businesses, entities, and individuals, including those in the Northern Ohio District and elsewhere in the United States. . Targets included hospitals, schools, utilities and governments. Witte, who previously resided in Paramaribo, Suriname, was arrested on February 6 in Miami, Florida.
“This indictment demonstrates the broad reach of the Justice Department’s ransomware and digital extortion task force,” Deputy Attorney General Lisa O. Monaco said. “Trickbot has infected millions of victimized computers around the world and has been used to collect bank credentials and deliver ransomware. The accused is accused of collaborating with other members of the transnational criminal organization to develop and deploy a digital suite of malicious tools used to target companies and individuals around the world for theft and ransom . These accusations serve as a warning to potential cybercriminals that the Department of Justice, through the Ransomware and Digital Extortion Task Force and alongside our partners, will use whatever tools at our disposal to disrupt the ecosystem. cybercriminal.
“The Trickbot malware was designed to steal the personal and financial information of millions of people around the world, causing significant financial damage and inflicting significant damage to critical infrastructure in the United States and abroad,” said Bridget Mr. Brennan, Acting Counsel for the United States. the northern district of Ohio. “Federal law enforcement, along with assistance provided by international partners, continue to fight and disrupt ransomware and malware wherever possible. We are united in our efforts to hold transnational hackers accountable for their actions. ”
“Witte and his associates are accused of infecting tens of millions of computers around the world, with the aim of stealing financial information and ultimately siphoning millions of dollars through compromised computer systems,” said special agent in charge of FBI’s Cleveland Field Eric B. Smith. Office. “Computer intrusions and malware infections take a lot of time, expertise and investigative effort, but the FBI will ensure these hackers are held accountable no matter where they reside or how badly they think. be anonymous. “
The indictment alleges that starting in November 2015, Witte and others stole money and confidential information from unsuspecting victims, including businesses and their financial institutions in the United States, in the United States. UK, Australia, Belgium, Canada, Germany, India, Italy, Mexico, Spain. , and Russia through the use of the Trickbot malware.
Witte and his co-conspirators have reportedly worked together to infect victims’ computers with Trickbot malware designed to capture online banking credentials and collect other personal information, including credit card numbers, emails, etc. passwords, dates of birth, social security numbers and addresses. Witte and others have also reportedly captured login credentials and other stolen personal information to access online bank accounts, perform unauthorized electronic fund transfers, and launder money through U.S. and foreign recipient accounts.
According to the indictment, Witte worked as a malware developer for the Trickbot Group and wrote code related to ransomware monitoring, deployment and payments. The ransomware informed victims that their computer was encrypted and that they would have to purchase special software through a Bitcoin address controlled by the Trickbot group to decrypt their files. Additionally, Witte allegedly provided code to the Trickbot group that monitored and tracked authorized users of the malware and developed tools and protocols to store stolen login credentials.
Witte is charged with one count of conspiracy to commit computer fraud and aggravated identity theft; one count of conspiracy to commit electronic and bank fraud affecting a financial institution; eight counts of bank fraud involving a financial institution; eight counts of aggravated identity theft and one count of conspiracy to commit money laundering. The defendant was brought to trial before U.S. District Judge William H. Baughman Jr. of the U.S. District Court for the Northern District of Ohio. If found guilty, she faces a maximum sentence of five years in prison for conspiring to commit computer fraud and aggravated identity theft; 30 years in prison for conspiring to commit electronic and bank fraud; 30 years in prison for each count of significant bank fraud; a mandatory two-year sentence for each charge of aggravated identity theft, which must be served consecutively to any other sentence; and 20 years in prison for criminal conspiracy in money laundering. A federal district court judge will determine any sentence after considering US sentencing guidelines and other statutory factors.
The FBI office in Cleveland investigated the case.
Senior Counsel CS Heath of the Computer Crime and Intellectual Property Section of the Criminal Division and Deputy U.S. Attorneys Daniel J. Riedl and Duncan T. Brown of the Northern District of Ohio are continuing the case.
This case is part of the Justice Department’s Ransomware and Digital Extortion Task Force, which was created to address the growing number of ransomware and digital extortion attacks. As part of the task force, the Criminal Division, in conjunction with the U.S. Prosecutor’s Offices, is prioritizing the disruption, investigation and prosecution of ransomware and digital extortion activity by tracking and dismantling development and deployment malware, identifying responsible cybercriminals, and holding those individuals accountable for their crimes. The department, through the task force, is also strategically targeting the broader ransomware criminal ecosystem and working with domestic and foreign government agencies as well as private sector partners to combat this significant criminal threat.
An indictment is only an allegation and the defendant is presumed innocent until proven guilty beyond a reasonable doubt in court.