
Russian developer of Trickbot malware sentenced to five years in prison

A Russian developer of Trickbot malware has been sentenced to five years and four months in prison, the U.S. Department of Justice said on Thursday.

According to court documents, 40-year-old Vladimir Dunaev was involved in developing and deploying the malicious software to launch cyberattacks against American hospitals, schools and businesses.

Dunaev was extradited from South Korea to the U.S. in 2021. In November, he pleaded guilty to charges of committing computer fraud, identity theft, and bank fraud.

Dunaev’s sentencing demonstrates the U.S.'s ability “to place cybercriminals behind bars, no matter where they are located,” DOJ Acting Assistant Attorney General Nicole Argentieri said in a statement.

Trickbot, which was taken down by U.S. law enforcement in 2022, was a set of tools designed to steal money and facilitate the installation of other ransomware variants on victims' devices. It is believed to have been used to steal more than $180 million worldwide.

Dunaev created browser modifications and malicious tools for Trickbot to harvest credentials and mine data from infected computers. Additionally, he improved remote access for Trickbot actors and developed code to evade detection by legitimate security software, according to court documents.

While participating in the scheme, he defrauded ten victims in the Northern District of Ohio, including Avon schools and a North Canton real estate company, of more than $3.4 million using ransomware deployed via Trickbot.

In addition to Dunaev, prosecutors charged six other defendants for their alleged roles in developing, deploying, managing, and profiting from Trickbot.

In June, one of Dunaev’s co-conspirators, Alla Witte — a Trickbot malware developer and Latvian national — pleaded guilty and was sentenced to two years and eight months in prison.

In February and September, the U.S. and U.K. also imposed financial sanctions on 18 other members of Trickbot, freezing their assets and imposing travel bans.

The individuals targeted by the sanctions “include key actors involved in management and procurement for the Trickbot group, which has ties to Russian intelligence services,” according to the U.S. Treasury.


Daryna Antoniuk is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.