US prosecutors allege that 38-year-old Vladimir Dunaev was part of a transnational criminal group that since 2015 has tried to steal millions of dollars from victims in the US and elsewhere.
The group allegedly used a piece of malicious software known as Trickbot and other tools to steal money and confidential data from businesses in multiple countries including the US, United Kingdom, Russia and India. The hackers also targeted the computer networks of hospitals, schools, public utilities and governments, according to prosecutors.
Dunaev is charged with conspiracy to commit computer fraud and aggravated identity theft, and multiple counts of wire and bank fraud, among other charges, the Justice Department said. He faces up to 60 years in prison if convicted on all counts.
Dunaev entered a not guilty plea in his initial court appearance Thursday and waved detention, according to Daniel Ball, a spokesman for the United States Attorney for the Northern District of Ohio.
An attorney for Dunaev could not be immediately reached for comment.
The arrest is a notable win for the US Justice Department, which is typically forced to wait until accused Russian cybercriminals leave Russia to pursue them because Washington and Moscow do not have an extradition treaty. It comes as the Biden administration has tried to pressure the Russian government to crack down on cybercrime amid continued ransomware attacks against US companies.
In a press release that did not mention Dunaev by name, the South Korean Ministry of Justice said it had extradited a Russian national accused of being involved in the Trickbot malware to the United States on October 20. The ministry said the Russian national was arrested in June at South Korea’s Incheon International Airport.
Another person allegedly involved with Trickbot, a Latvian national known as Alla Witte, was arrested in Miami in February and is also being prosecuted in the Northern District of Ohio. Prosecutors accused Witte of writing computer “code related to the control, deployment, and payments of ransomware.”
Witte pleaded not guilty in June, according to Ball, the Northern District of Ohio spokesman.
Dunaev also allegedly used his technical skills in support of Trickbot. According to prosecutors, he helped the malware avoid being detected by security software.
The Justice Department’s pursuit of foreign cybercriminals is meant as a complement to diplomatic pressure that US officials are putting on Moscow to address the issue. Despite a June meeting between Biden and Putin on the topic, ransomware attacks on US companies have continued.
Andres Sutt, a senior Estonian government official who attended the meeting, told CNN that governments need to invest a greater proportion of their IT budgets in cybersecurity to effectively defend against ransomware.
“If we look at the intensity of [ransomware] attacks, the sophistication, the impacts, I think it’s only clear that we need to respond in being more cyber resilient,” said Sutt, who is Estonia’s minister of entrepreneurship and information technology.