NASHVILLE, Tenn. (WKRN) — Several Russian nationals have been indicted for their alleged cybercrimes, in which officials said they targeted Tennessee hospital systems and law enforcement agencies.
The Middle District of Tennessee indictment is one of three returned in different federal jurisdictions that were recently unsealed, the U.S. Department of Justice (DOJ) announced on Thursday, Sept. 7.
Federal grand juries in Middle Tennessee, Southern California and Northern Ohio all returned indictments charging multiple Russians believed to be involved in the Trickbot malware and Conti ransomware schemes.
According to court documents and public reporting, Trickbot, which was taken down in 2022, was a suite of malware tools designed to steal money and facilitate the installation of ransomware.
Hospitals, schools and businesses were among the millions of Trickbot victims who the DOJ said suffered tens of millions of dollars in losses. While active, Trickbot malware was also reportedly used to support various ransomware variants, including Conti.
Conti was used to attack more than 900 victims worldwide, including victims in 47 states, the District of Columbia, Puerto Rico and 31 foreign countries, according to authorities. In 2021, the FBI said it was used more than any other ransomware variant.
In a news release, Attorney General Merrick B. Garland called it “one of the most prolific ransomware variants used in cyberattacks across the United States.” Conti’s victims in Tennessee included hospital systems and local governments, the DOJ reported.
The indictment alleges that, beginning in 2020 and continuing through June 2022, Conti conspirators extorted funds from Tennesseans and encrypted the computer systems of a local sheriff’s department, police department and emergency medical services, among others.
Ransom notes left on Conti victims’ computer systems typically boasted, “If you don’t [know Conti] just ‘google it,’” the DOJ said. One of the people charged was an alleged “crypter” for Conti, who would modify the ransomware so it would not be detected by anti-virus programs.
Others charged in the scheme in Middle Tennessee were developers, supervisors and a systems administrator who, according to officials, managed users of Conti infrastructure and organized and paid for infrastructure and tools.
The DOJ said Maksim Galochkin, Maksim Rudenskiy, Mikhail Mikhailovich Tsarev, and Andrey Yuryevich Zhuykov are each charged with one count of conspiracy to violate the Computer Fraud and Abuse Act and one count of wire fraud conspiracy. If convicted, each defendant faces a maximum penalty of 25 years in prison.
All four Russian nationals are facing additional charges out of Ohio for allegedly conspiring to use the Trickbot malware to steal money and personal and confidential information from unsuspecting victims, beginning in November 2015.
A federal grand jury in the Southern District of California also returned an indictment charging Galochkin in connection with the Conti ransomware attack on Scripps Health on May 1, 2021.
“Today’s announcement shows our ongoing commitment to bringing the most heinous cyber criminals to justice – those who have devoted themselves to inflicting harm on the American public, our hospitals, schools, and businesses,” said FBI Director Christopher Wray. “Cyber criminals know that we will use every lawful tool at our disposal to identify them, tirelessly pursue them, and disrupt their criminal activity. We, alongside our federal and international partners, will continue to impose costs through joint operations no matter where these criminals may attempt to hide.”