Wizard Spider, also known as Trickbot, DEV-0193, UNC2053, or Periwinkle Tempest, was a cybercrime group based in and around Saint Petersburg in Russia. Some members may be based in Ukraine. They are estimated to number about 80, some of whom may not know they are employed by a criminal organisation.

The group has been a target of Europol, Interpol, FBI and also the National Crime Agency in the United Kingdom.

In 2018 the groups began using Trickbot, Ryuk and Conti ransomware as their primary tools.

The group is also responsible for developing the espionage software Sidoh, which only gathers information and does not hold it to ransom. In 2020 their software infected three Minnesota medical facilities, locking staff out of computers, which required court orders to try and force the hackers out of the command and control servers.

By the start of February 2022 some internal communications from the group had been leaked.

In late February 2022, members of the group initially supported the Russian invasion of Ukraine, causing internal group communications to be leaked by an anonymous person in support of Ukraine.

The groups servers were eventually shut down in 2022.

In February 2023 United States Secretary of State Antony Blinken announced that the United States and United Kingdom had sanctioned seven men for allegedly spreading Conti, Ryuk and Trickbot malware. Travel bans were imposed on them, their assets were seized and American and British companies and citizens are prohibited from conducting any business with them. Their names were Vitaliy Kovalev, Valery Sedletski, Valentin Karyagin, Maksim Mikhailov, Dmitry Pleshevskiy, Mikhail Iskritskiy and Ivan Vakhromeyev. Also, any foreign banks that knowingly provide significant services to those men could also be sanctioned.