In a coordinated action with US authorities, the UK has imposed sanctions on seven Russian cybercriminals linked to the use of Conti and Ryuk ransomware and the Trickbot banking Trojan. This follows an in-depth investigation led by the National Crime Agency (NCA) and marks the UK’s first joint sanctions against cybercrime.
According to the UK government, ransomware is a “tier one national security threat” that is increasingly being used to attack companies and public sector organizations.
Ransomware groups known as Conti, Wizard Spider, UNC1878, Gold Blackburn, Trickman, and Trickbot have been responsible for deploying ransomware strains such as Conti, Ryuk, and Trickbot.
Discover the future of technology!
Visit us at the TNW conference on June 15th and 16th in Amsterdam
The groups target organizations that they expect would pay the most, and plan their attacks to inflict the most damage possible. Conti and Ryuk alone have affected 149 UK individuals and companies, pulling out at least £27million.
Recent victims of Conti in the UK include the Scottish Environmental Protection Agency, food distribution company Reed Boardall, Cleveland Council and forensic laboratory Eurofins.
“These criminals and those who support them are not immune to British action.
Conti was also one of the first cybercrime groups to declare support for Russia’s war in Ukraine, while the National Cyber Security Center (NCSC) has assessed that key members of the group are “most likely” to have “links” to Russian intelligence Services.
And although the group was disbanded in May 2022, government reports suggest members remain involved in threatening UK security with new strains of ransomware.
“The sanctions are the first of their kind for the UK and signal the ongoing campaign against those responsible for some of the most sophisticated and damaging ransomware to hit Britain and our allies,” said Graeme Biggar, director-general of the NCA in a statement.
“The United States and the United Kingdom are taking coordinated action against cybercriminals who have launched attacks on our critical infrastructure,” said Antony J. Blinker, US Secretary of State, in a related press release. “We will continue to work with the UK and other international partners to detect and disrupt cybercrime originating from Russia.”
Persons sanctioned include the following:
The seven people are now subject to travel bans and asset freezes. In addition, it is strictly forbidden to provide them with funds such as B. Paying for ransomware – including crypto assets.
The US Treasury Department warned that “any foreign financial institution knowingly facilitating a significant transaction or providing significant financial services to any person or entity named today could be subject to US correspondent or pass-through account sanctions.”
Working together, the UK and US authorities announced that they will continue to expose cybercriminals associated with the ransomware groups and crack down on their activities to strengthen their cybersecurity.