Wizard Spider, also known as Trickbot, DEV-0193, UNC2053, or Periwinkle Tempest,[1] was a cybercrime group based in and around Saint Petersburg in Russia.
[2][5] The group has been a target of Europol, Interpol, FBI and also the National Crime Agency in the United Kingdom.
[3][6] In 2020 their software infected three Minnesota medical facilities, locking staff out of computers,[7] which required court orders to try and force the hackers out of the command and control servers.
[16] Travel bans were imposed on them, their assets were seized and American and British companies and citizens are prohibited from conducting any business with them.
[16] Their names were Vitaliy Kovalev, Valery Sedletski, Valentin Karyagin, Maksim Mikhailov, Dmitry Pleshevskiy, Mikhail Iskritskiy and Ivan Vakhromeyev.
[7] The men named were: Other indictments were unsealed, including one in southern California against Maksim Galochkin, on three charges of hacking and deploying Conti on Scripps health hospitals.
Attacks usually begin by sending large amounts of spam to targets in order to trick victims into downloading malware.
[3] Intelligence agencies say that the group does not attack targets in Russia, nor do key figures travel outside the country for fear of being arrested.