Trickbot, first identified in 2016 by security researchers, was a trojan virus that evolved from the Dyre trojan. Dyre was an online banking trojan operated by Moscow-based individuals who began targeting non-Russian businesses and entities in mid-2014. Dyre and Trickbot were developed and operated by a group of cybercriminals to steal financial data from targets outside of Russia. The Trickbot trojan infected millions of victim computers worldwide, including those of U.S. businesses and individuals. It has since evolved into a highly modular malware suite that provides the Trickbot group the ability to conduct a variety of malicious cyber activities, including ransomware.
During the height of the COVID-19 pandemic in 2020, the Trickbot group launched a wave of ransomware disruptions against hospitals and other healthcare centers across the United States. In one instance, the Trickbot group deployed ransomware against three Minnesota medical facilities, disrupting their computer networks and telephones, and causing a diversion of ambulances. Members of the Trickbot group publicly gloated over the ease of targeting the medical facilities and the speed with which ransoms had been paid to the group.
Members of the Trickbot group are associated with Russian intelligence services. The Trickbot group’s preparations in 2020 aligned them to Russian state objectives and actions taken by the Russian intelligence services. This included targeting the U.S. Government and U.S. companies.
Sergey Loguntsov was a developer for the Trickbot group.
OFAC is designating each of these individuals pursuant to Executive Order (E.O.) 13694, as amended by E.O. 13757, for having materially assisted, sponsored, or provided financial, material, or technological support for, or goods or services to or in support of, an activity described in subsection (a)(ii) of section 1 of E.O. 13694, as amended.
Executive Order 13694 Blocking the Property of Certain Persons Engaging in Significant Malicious Cyber-Enabled Activities;
Executive Order 13757 Taking Additional Steps to Address the National Emergency With Respect to Significant Malicious Cyber-Enabled Activities
On December 31, 2015, OFAC issued the Cyber-Related Sanctions Regulations, 31 CFR part 578 (80 FR 81752, December 31, 2015) (the “Regulations”) to implement Executive Order (E.O.) 13694 of April 1, 2015, “Blocking the Property of Certain Persons Engaging in Significant Malicious Cyber-Enabled Activities” (80 FR 18077, April 2, 2015), pursuant to authorities delegated to the Secretary of the Treasury in E.O. 13694. The Regulations were initially issued in abbreviated form for the purpose of providing immediate guidance to the public. OFAC is revising the Regulations to further implement E.O. 13694, as amended by E.O. 13757 of December 28, 2016, “Taking Additional Steps to Address the National Emergency With Respect to Significant Malicious Cyber-Enabled Activities” (82 FR 1, January 3, 2017), as well as certain provisions of title II of the Countering America's Adversaries Through Sanctions Act (Pub. L. 115–44, 131 Stat. 886 (codified in scattered sections of 22 U.S.C.)) (CAATSA). OFAC is amending and reissuing the Regulations as a more comprehensive set of regulations that includes additional interpretive guidance and definitions, general licenses, and other regulatory provisions that will provide further guidance to the public. Due to the number of regulatory sections being updated or added, OFAC is reissuing the Regulations in their entirety.
E.O. 13694, as Amended by E.O. 13757. On April 1, 2015, the President, invoking the authority of, inter alia, the International Emergency Economic Powers Act (50 U.S.C. 1701 et seq.) (IEEPA), issued E.O. 13694. In E.O. 13694, the President determined that the increasing prevalence and severity of malicious cyber-enabled activities originating from, or directed by persons located, in whole or in substantial part, outside the United States constitute an unusual and extraordinary threat to the national security, foreign policy, and economy of the United States, and declared a national emergency to deal with that threat.
On December 28, 2016, the President issued E.O. 13757 to take additional steps to deal with the national emergency with respect to significant malicious cyber-enabled activities declared in E.O. 13694. E.O. 13757 added an Annex to E.O. 13694 and amended section 1 of E.O. 13694 by replacing section 1(a) in its entirety.