Seven Russians sanctioned over ransomware cyber-crime
Seven Russian men have been sanctioned by the UK and US for having links to recent ransomware attacks.
The UK’s Foreign Office, along with US authorities, has released pictures of the men, frozen their assets and imposed travel restrictions.
US authorities have accused them of being members of loosely defined Russian-based hacking network Trickbot.
Ransomware strains Conti and Ryuk extorted at least £27m in ransoms from 149 British victims.
“This is a hugely significant moment for the UK and our collaborative efforts with the US to disrupt international cyber-criminals,” said National Crime Agency director general Graeme Biggar.
“The sanctions are the first of their kind for the UK and signal the continuing campaign targeting those responsible for some of the most sophisticated and damaging ransomware that has impacted the UK and our allies,” he said.
The National Cyber Security Centre, a part of GCHQ, has assessed that key group members are “highly likely” to have strong links to the Russian Intelligence Services from which they are sometimes directed.
No evidence was supplied to support this allegation.
The UK government categorises ransomware as a tier one national security threat with recent victims including UK schools, local authorities and firms.
The individuals sanctioned are: Vitaliy Kovalev, Valery Sedletski, Valentin Karyagin, Maksim Mikhailov, Dmitry Pleshevskiy, Mikhail Iskritskiy and Ivan Vakhromeyev.
Any arrests are impossible unless the accused leave the country.
The group behind the Conti strain has targeted hospitals, schools, businesses and local authorities, including the Scottish Environment Protection Agency. It extorted $180m (£148m) in ransomware in 2021 alone, according to research from Chainalysis.
Ireland’s Health Service Executive was targeted by Conti ransomware actors during the Covid pandemic, leading to disruption to blood tests, X-rays, CT scans, radiotherapy and chemotherapy appointments over 10 days.
Another recent ransomware attack included Harrogate-based transportation and cold storage firm Reed Boardall, whose IT systems were under attack for nearly a week in 2021.
Although Conti disbanded in 2022, its members are thought to have continued their attacks under different guises.
Russia has for years denied that it is harbouring ransomware hackers, but cyber-security experts say there is compelling evidence that many of the criminal groups are co-ordinated from the country.
Many of the gangs operate on Russian-language forums, there are fewer attacks on Russian organisations, and the frequency of hacks dips during Russian public holidays.
The latest sanctions follow multinational efforts to disrupt ransomware crews, most recently by sabotaging the Hive ransomware crew and taking them offline.
Previously the US and UK worked together on sanctions issued against alleged members of cyber-crime group Evil Corp in 2020. Authorities allege that some of the men in the latest sanctions could have formerly worked for the group.
In 2021 the BBC went to Russia to try to track down the group and was told by a family member that the sanctions had made them fear for their safety.