Government sanctions seven Russian hackers

Makes paying ransomware illegal

Companies and individuals are now banned from paying ransoms or transferring funds to the sanctioned criminals

Image:
Companies and individuals are now banned from paying ransoms or transferring funds to the sanctioned criminals

The UK and US governments have sanctioned seven Russian criminals associated with ransomware attacks around the world.

The seven individuals are thought to have links to ransomware gangs like Conti, and to have had a hand in developing strains like Conti, Diavol and Ryuk.

Conti and Ryuk together have affected 149 UK firms and individuals, extracting at least £27 million in ransomware payments: £10 million for Conti and £17 million for Ryuk.

The Conti gang is responsible for attacks on public and private sector organisations, including the Irish Health Service, Scotland's Environmental Protection Agency and KP Snacks.

It was also one of the first criminal groups to publicly side with Russia when the country invaded Ukraine last year. The National Cyber Security Centre judges that the group has links to Russian intelligence, as many of its targets, like the International Olympic Committee, align with Russian state objectives.

Conti's support for Russia brought significant negative attention (even more than a criminal group would normally attract), and the group was forced to disband in May 2022.

Its former members, however, are still active.

Speaking about the sanctions, foreign secretary James Cleverly said:

"By sanctioning these cyber criminals, we are sending a clear signal to them and others involved in ransomware that they will be held to account.

"These cynical cyber attacks cause real damage to people's lives and livelihoods. We will always put our national security first by protecting the UK and our allies from serious organised crime - whatever its form and wherever it originates."

The sanctioned individuals are:

UK firms are banned from doing any business with the seven. Making funds available to them in any way, including through ransomware payments or cryptocurrency transfers, is illegal.

In addition, their assets have been frozen and a travel ban imposed.

The UK Sanctions List lists the following reason for the punishment, under each individual:

"[Name] is or has been involved in relevant cyber activity, including being responsible for, engaging in, providing support for, or promoting the commission, planning or preparation of relevant cyber activity; and providing technical assistance that could contribute to relevant cyber activity, namely ransomware attacks which were intended to undermine the integrity, prosperity and security of the United Kingdom and other countries, and were intended to cause economic loss to, or prejudice the commercial interests of, those companies affected by the activity."

The seven join eight other individuals on the Sanctions List, all from China (two) and Russia (six).

National Crime Agency director-deneral Graeme Biggar said these sanctions are "the first of their kind for the UK." He added that they "signal the continuing campaign targeting those responsible for some of the most sophisticated and damaging ransomware that has impacted the UK and our allies."