
Whistleblower exposes Conti and TrickBot gang leader


German law enforcement authorities have exposed a Russian national named Vitaly Nikolaevich Kovalev as the founder of the infamous TrickBot cybercrime gang. Earlier in May, a whistleblower named Kovalev as the founder of the Conti and TrickBot gangs.

Kovalev was named in a press release from the Main Public Prosecutor’s Office, Central Office for Combating Cybercrime (ZIT), and the Federal Criminal Police Office in Germany. The release also includes a headshot of Kovalev and his known monikers “start” and “ben”. He’s currently wanted “as the main perpetrator has supported the continuous use and further development of the malware, which infiltrated the grouping of foreign computer systems and stole data.”

The whistleblower, known as GangExposed, wrote a detailed profile on Kovalev, alleging that he’s the mastermind behind the Conti, TrickBot, Royal, and BlackSuit ransomware groups. It’s also alleged that he “oversaw ransomware attacks” on American hospitals during the COVID-19 pandemic and “played a role in the Costa Rica government ransomware crisis.”

The exposé also includes his real name, date and place of birth, known aliases, Telegram ID, and personally identifiable information such as Russian tax ID, passport numbers, driver’s license details, phone numbers, email addresses, and known physical addresses.

More details like Kovalev’s digital footprint on Telegram, his shell companies and legal cover, known criminal charges and sanctions, as well as his current worth, were also exposed. Kovalev’s expected to be a crypto billionaire, considering one of his known crypto wallets was spotted holding 11,000 BTC in 2022, amounting to roughly $500 million at the time.

The TrickBot ransomware group was established in 2016 and is believed to have infected millions of computers worldwide, stealing sensitive data from them and infecting them with ransomware. Authorities have tried taking it down in two separate operations held in 2020 and 2024, also announcing criminal charges and sanctions against the gang and Kovalev himself, who was believed to be a senior figure in the operation.

Yadullah Abidi

Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018. You can contact him here: yadullahabidi@pm.me.
