US, EU, UK Sanction Trickbot Administrator 'Stern' Behind $300M in Ransomware Payments

According to blockchain analysis firm Chainalysis, the US, EU, and UK on July 13, 2026 sanctioned a network of ransomware operators and infrastructure providers in one of the largest coordinated cyber enforcement actions to date. Central to the designations is Vitaly Nikolayevich Kovalev, known as 'Stern,' identified as administrator of the Trickbot syndicate responsible for Ryuk and Conti ransomware strains. Wallets associated with Kovalev have received over $300 million in ransom payments, representing his personal proceeds alone. Leaked internal communications indicate he held a senior executive role overseeing the syndicate's budget, hiring, and operations. The EU designation brings the total number of sanctioned Trickbot members to 19. The action also targeted infrastructure providers including First VPN Service and developers of LummaC2 malware-as-a-service, alongside state-linked actors from Russian GRU units.
Disclaimer: The information on this page may come from third-party sources and is for reference only. It does not represent the views or opinions of Gate and does not constitute any financial, investment, or legal advice. Virtual asset trading involves high risk. Please do not rely solely on the information on this page when making decisions. For details, see the Disclaimer.
Comment
0/400
No comments