Ransomware Leader “Stern” Identified: Germany Investigation

German Authorities Identify Key Figure in Trickbot and Conti Ransomware Operations

A prominent figure known as “Stern” within the Russian cybercrime underworld has been identified by German authorities as a key player in the notorious Trickbot and Conti ransomware operations.

German law enforcement officials have identified a central figure, known only as “Stern,” as being deeply embedded in the Russian cybercriminal network responsible for the Trickbot and Conti ransomware attacks. While cryptocurrency analysis firm Chainalysis refrained from commenting directly on the BKA’s identification of “Stern,” they acknowledged the persona as one of the most prolific and profitable ransomware actors they monitor.

According to a BKA spokesperson, “The investigation revealed that Stern generated meaningful revenues from illegal activities, in particular in connection with ransomware.”

Keith Jarvis, a senior security researcher at Sophos’ Counter Threat Unit, notes that Stern “surrounds himself with very technical people, many of which he claims to have sometimes decades of experience, and he’s willing to delegate ample tasks to these experienced people whom he trusts. I think he’s always probably lived in that organizational role.”

Evidence suggests potential links between Stern and Russia’s intelligence apparatus, specifically the Federal Security Service (FSB). Mentions of setting up an office for “government topics” in July 2020, along with observations from other Trickbot group members suggesting Stern as the “link between us and the ranks/head of department type at FSB,” further fuel these suspicions.

Stern’s consistent presence significantly contributed to the effectiveness of Trickbot and Conti, aided by the entity’s ability to maintain strong operational security and remain hidden.

“The investigation revealed that Stern generated significant revenues from illegal activities, in particular in connection with ransomware.”

As Sophos’ Jarvis stated, “I have no thoughts on the attribution, as I’ve never heard a compelling story about Stern’s identity from anyone prior to this proclamation.”

Frequently Asked Questions

What is ransomware?
Ransomware is a type of malware that encrypts a victim’s data, demanding a ransom payment for its decryption.
Who are Trickbot and Conti?
Trickbot is a malware platform used for various malicious activities, including ransomware deployment. Conti was a prominent ransomware-as-a-service (RaaS) group.
What is the FSB?
The FSB is the Federal Security Service of Russia, responsible for counterintelligence, internal and border security.
How can I protect myself from ransomware?
Implement strong cybersecurity practices, including regular data backups, employee training, and up-to-date security software.
What should I do if I become a victim of ransomware?
Report the incident to law enforcement, isolate the affected systems, and consider consulting with cybersecurity professionals.

About the Author

Amelia Monroe is a cybersecurity analyst and investigative journalist specializing in ransomware and cybercrime. With over a decade of experience tracking emerging threats, she provides in-depth analysis of the actors, techniques, and geopolitical factors shaping the digital landscape.
