2 minute read
UK and USA sanction Russian cyber criminals
[SEVEN RUSSIAN cyber criminals who are linked to the group behind some of the most damaging ransomware attacks on the UK in recent years have been exposed and sanctioned by the UK and the US.
The sanctions, which have been announced by the Foreign Office alongside the US Department of the Treasury’s Office of Foreign Assets Control (OFAC), form part of a concerted campaign by the UK and the US to tackle international cyber crime. They follow a lengthy investigation by the UK’s National Crime Agency (NCA) into the crime group behind Trickbot malware, as well as the Conti and RYUK ransomware strains, among others.
The NCA assesses that the group was responsible for extorting at least £27m from 149 UK victims, including hospitals, schools, businesses and local authorities – although their true impact is likely to be much higher.
The director general of the National Crime Agency, Graeme Biggar, said: “This is a hugely significant moment for the UK and our collaborative efforts with OFAC to disrupt international cyber criminals.
“The sanctions are the first of their kind for the UK and signal the continuing campaign targeting those responsible for some of the most sophisticated and damaging ransomware that has impacted the UK and our allies. They show that these criminals and those that support them are not immune to UK action, and this is just one tool we will use to crack down on this threat and protect the public.”
Ransomware is designated as a ‘tier one’ national security threat, with attacks continuing to increase in scale and complexity. The criminals behind the attacks specifically target the systems of organisations they judge will pay them the most money and time their attacks to cause maximum damage, including targeting hospitals in the middle of the pandemic.
Although the Conti group disbanded last year, reporting suggests that its members, including those sanctioned, continue to be involved in some of the most notorious new ransomware strains that dominate and threaten UK security.
The seven cyber criminals are now subject to travel bans and asset freezes, and are severely restricted in their use of the global financial system. At the same time an indictment was unsealed in the US District Court for the District of New Jersey charging one of the individuals, Vitaliy Kovalev, with conspiracy to commit bank fraud and eight counts of bank fraud in connection with a series of intrusions into victim bank accounts held at various US-based financial institutions that occurred in 2009 and 2010. That alleged offending predates that of the Conti group.
According to research from Chainalysis, the group extorted $180m from global ransomware victims in 2021 alone. Recent victims in the UK include the Scottish Environment Protection Agency, Redcar and Cleveland Council and forensic laboratory Eurofins. Internationally the Irish Health Service Executive, Costa Rican Government and American healthcare providers were targeted.
NCSC CEO Lindy Cameron explained: “Ransomware is the most acute cyber threat facing the UK, and attacks by criminal groups show just how devastating its impact can be. The NCSC is working with partners to bear down on ransomware attacks and those responsible, helping to prevent incidents and improve our collective resilience.
“It is vital organisations take immediate steps to limit their risk by following the NCSC’s advice on how to put robust defences in place to protect their networks.” q
