Cloud Hosting

Members of a Russiancybercriminalgang behind the Trickbot/Contiransomware attacks, which included the hacking of critical infrastructure and hospitals during the COVID-19 pandemic,face new sanctions today (7 September).

Eleven cybercriminals, whose gang also threatened those who oppose the illegal Russian invasion of Ukraine, have beentargetedwith asset freezes and travel bans in a coordinated effort by UK and US authoritiesto counter the threat of ransomware bothin the UK andabroad. The US Department of Justice (DOJ) is concurrently unsealing indictments against seven of the individuals designated today.

The National Crime Agency (NCA), who conducted a complex investigation into these individuals, assesses that the group was responsible for extorting at least $180 million from victims globally, and at least 27 million from 149 UK victims. The attackers sought to target UK hospitals, schools, local authorities and businesses.

The individuals being designatedin the UK are:

This action was taken in coordination with the US, where these key cybercriminals have also been sanctioned,and is a continuation of joint efforts by the UK and US to disrupt and impose costs on high harm cyber criminals. It is assessed that sanctions have hampered the ability of cyber threat actors to monetise their cyber criminalactivities.

Foreign Secretary James Cleverly said:

These cybercriminals thrive off anonymity, moving in the shadows of the internet to cause maximum damage and extort money from their victims.

Our sanctions show they cannot act with impunity. We know who they are and what they are doing.

By exposing their identities, we are disruptingtheir business models andmaking it harder for them to target our people, our businesses and our institutions.

The individuals, all Russian nationals, operatedout of the reach of traditional law enforcement and hid behind online pseudonyms and monikers many of which are revealed today. Removing their anonymity undermines the integrity of these individuals and their criminal businesses that threaten UK security.

Several of those facing sanctions today held significant roles within thegroup. Those targeted includehigh-level managers and administrators, as well astwoindividuals, Maksim Khaliullinand Mikhail Tsarev, who focused on recruiting and inducting new members.

Thegroup was also one of the first to offer support for Russias invasion of Ukraine, maintaininglinks and receiving tasking from the Russian Intelligence Services.

Deputy Prime Minister and Secretary of State in the Cabinet Office Oliver Dowden said:

By targeting these malicious cyber actors, who have been known to work with some of the most damaging ransomware strains, we are seeking out and exposing those who threaten the UKs national security.We will alwaystake decisive action with international partners to protect the UK, its peopleand businesses.

Security Minister Tom Tugendhat said:

These sanctions demonstratethat the UK will crackdown on those trying to hold UK businesses and infrastructureto ransom. We will use our law enforcement agencies to go after the perpetrators and punish their crimes.

We have the skills and resources to find and unmask criminals who attemptto steal from British businesses, schoolsand hospitals.

We will keep working with our partners, like the US, to defeat these threats.

NCA Director General of Operations Rob Jones said:

These sanctions are a continuation of our campaign against international cyber criminals.

Attacks by this ransomware group have caused significant damage to our businesses and ruined livelihoods, with victims having to deal with the prolonged impact of financial and data losses.

These criminals thought they were untouchable, but our message is clear: we know who you are and, working with our partners, we will not stop in our efforts to bring you to justice.

National Cyber Security Centre (NCSC) Chief Executive Officer Lindy Cameron said:

Alongside this latest round of sanctions, I strongly encourage organisations to proactively obstruct the activities of ransomware operatives by bolstering their online resilience.

Ransomware continues to be a significant threat facing the UK and attacks can have significant and far-reaching impact.

The NCSC has published free and actionable advice for organisations of all sizes on how to put robust defences in place to protect their networks.

Todays sanctions announcement reinforces the UKs commitment to cracking down on cyber criminals. They follow on from the first ever joint UK-US sanctions against ransomware actors in February this year. The total number of group members sanctioned is now 18.

Original post:
UK sanctions members of Russian cybercrime gang - GOV.UK