In a coordinated action with US authorities, the UK has imposed sanctions on seven Russian cyber criminals associated with the deployment of the Conti and Ryuk ransomware as well as the Trickbot banking trojan. This follows a thorough investigation led by the National Crime Agency (NCA) and marks the UK’s first-ever joint cyber crime sanctions.
According to the British government, ransomware is a “tier one national security threat” that’s increasingly used to attack businesses and public sector organisations.
The group, tracked under names including Conti, Wizard Spider, UNC1878, Gold Blackburn, Trickman, and Trickbot, has been responsible for the deployment of malware strains including the Conti and Ryuk ransomware and the Trickbot banking trojan.
The groups target organisations they expect to pay the most and time their attacks to cause maximum damage. Conti and Ryuk alone have affected 149 UK individuals and businesses, extracting at least an estimated £27 million.
Conti’s recent victims in the UK include the Scottish Environment Protection Agency, food distribution firm Reed Boardall, Cleveland Council, and forensic laboratory Eurofins.
“These criminals and those that support them are not immune to UK action.
Conti was also one of the first cyber crime groups to declare support for Russia’s war in Ukraine, while the National Cyber Security Centre (NCSC) has assessed that key members of the group are “highly likely” to “maintain links” with the Russian intelligence services.
And although the group was disbanded in May 2022, government reporting suggests that members continue to be involved in threatening UK security with new ransomware strains.
“The sanctions are the first of their kind for the UK and signal the continuing campaign targeting those responsible for some of the most sophisticated and damaging ransomware that has impacted the UK and our allies,” Graeme Biggar, NCA’s General Director, said in a statement.
“The United States and the United Kingdom are taking coordinated action targeting cyber criminals who launched assaults against our critical infrastructure,” Antony J. Blinken, US Secretary of State, said in an associated press release. “We will continue to work with the United Kingdom and with other international partners to expose and disrupt cyber crime emanating from Russia.”
The people sanctioned include the following individuals:
The seven individuals are now subject to travel bans and asset freezes. In addition, making funds available to them, such as by paying ransoms, including in crypto assets, is strictly prohibited.
The US Treasury Department warned that “any foreign financial institution that knowingly facilitates a significant transaction, or provides significant financial services for any of the individuals or entities designated today could be subject to US correspondent or payable-through account sanctions.”
Through their collaboration, the UK and US authorities said they will continue to expose cyber criminals associated with the ransomware groups and crack down on their activities, aiming to reinforce their cyber security.