188体育

• sanctions hit 11 from Russian cyber gang that targeted hospitals and other critical infrastructure
• sanctions will disrupt ransomware attacks and expose attackers behind them
• new measures delivered in coordinated effort with the United States

Members of a Russian聽cyber聽criminal聽gang behind the Trickbot/Conti聽ransomware attacks, which included the hacking of critical infrastructure and hospitals during the COVID-19 pandemic,聽face new sanctions today (7 September).

Eleven cyber聽criminals, whose gang also threatened those who oppose the illegal Russian invasion of Ukraine, have been聽targeted聽with asset freezes and travel bans in a coordinated effort by UK and US authorities聽to counter the threat of ransomware both聽in the UK and聽abroad. The US Department of Justice (DOJ) is concurrently unsealing indictments against seven of the individuals designated today.

The National Crime Agency (NCA), who conducted a complex investigation into these individuals, assesses that the group was responsible for extorting at least $180 million from victims globally, and at least 拢27 million from 149 UK victims. The attackers sought to target UK hospitals, schools, local authorities and businesses.

The individuals being designated聽in the UK are:

• Andrey Zhuykov was a central actor in the聽group and a senior administrator. Known by聽the online monikers 鈥楧efender鈥�,聽鈥楧if鈥� and 鈥楢dam鈥�
• Maksim Galochkin led a group of testers, with responsibilities for development, supervision聽and implementation of tests. Known by聽the online monikers 鈥楤entley鈥�,聽鈥榁olhvb鈥� and 鈥楳ax17鈥�
• Maksim Rudenskiy was a key member of the Trickbot聽group and was the team lead for coders. Known by聽the online monikers 鈥楤uza鈥�,聽鈥楽ilver鈥� and 鈥楤inman鈥�
• Mikhail Tsarev was a mid-level manager who assisted聽with the聽group鈥檚 finances and overseeing of HR functions. Known by聽the online monikers 鈥楳ango鈥�,聽鈥楩r*ances鈥� and 鈥楰hano鈥�
• Dmitry Putilin was associated with the purchase of Trickbot聽infrastructure. Known by聽the online monikers 鈥楪rad鈥� and 鈥楽taff鈥�
• Maksim Khaliullin was an HR manager for the聽group. He was associated with the purchase of Trickbot聽infrastructure including procuring Virtual Private Servers (VPS). Known by聽the online moniker 鈥楰agas鈥�
• Sergey Loguntsov was a developer for the聽group. Known by聽the online monikers 鈥楤egemot鈥�,聽鈥楤egemot_Sun鈥� and 鈥榋ulas鈥�
• Alexander Mozhaev was part of the admin team responsible for general administration duties. Known by聽the online monikers 鈥楪reen鈥� and 鈥楻occo鈥�
• Vadym Valiakhmetov worked as a coder and his duties included backdoor and loader projects. Known by聽the online monikers 鈥榃eldon鈥�,聽鈥楳entos鈥� and 鈥榁asm鈥�
• Artem Kurov worked as a coder with development duties in the Trickbot聽group. Known by聽the online moniker 鈥楴aned鈥�
• Mikhail Chernov was part of the internal utilities group. Known by聽the online monikers 鈥楤ullet鈥� and 鈥榤2686鈥�

This action was taken in coordination with the US, where these key cybercriminals have also been sanctioned,聽and is a continuation of joint efforts by the UK and US to disrupt and impose costs on high harm cyber criminals. It is assessed that sanctions have hampered the ability of cyber threat actors to monetise their cyber criminal聽activities.

Foreign Secretary James Cleverly said:

These cyber聽criminals thrive off anonymity, moving in the shadows of the internet to cause maximum damage and extort money from their victims.

Our sanctions show they cannot act with impunity. We know who they are and what they are doing.

By exposing their identities, we are disrupting聽their business models and聽making it harder for them to target our people, our businesses and our institutions.

The individuals, all Russian nationals, operated聽out of the reach of traditional law enforcement and hid behind online pseudonyms and monikers 鈥� many of which are revealed today. Removing their anonymity undermines the integrity of these individuals and their criminal businesses that threaten UK security.

Several of those facing sanctions today held significant roles within the聽group. Those targeted include聽high-level managers and administrators, as well as聽two聽individuals, Maksim Khaliullin聽and Mikhail Tsarev, who focused on recruiting and inducting new members.

The聽group was also one of the first to offer support for Russia鈥檚 invasion of Ukraine, maintaining聽links and receiving tasking from the Russian Intelligence Services.

Deputy Prime Minister and Secretary of State in the Cabinet Office Oliver Dowden said:

By targeting these malicious cyber actors, who have been known to work with some of the most damaging ransomware strains, we are seeking out and exposing those who threaten the UK鈥檚 national security.聽We will always聽take decisive action with international partners to protect the UK, its people聽and businesses.

Security Minister Tom Tugendhat said:

These sanctions demonstrate聽that the UK will crackdown on those trying to hold UK businesses and infrastructure聽to ransom. We will use our law enforcement agencies to go after the perpetrators and punish their crimes.

We have the skills and resources to find and unmask criminals who attempt聽to steal from British businesses, schools聽and hospitals.

We will keep working with our partners, like the US, to defeat these threats.

NCA Director General of Operations Rob Jones said:

These sanctions are a continuation of our campaign against international cyber criminals.

Attacks by this ransomware group have caused significant damage to our businesses and ruined livelihoods, with victims having to deal with the prolonged impact of financial and data losses.

These criminals thought they were untouchable, but our message is clear: we know who you are and, working with our partners, we will not stop in our efforts to bring you to justice.

National Cyber Security Centre (NCSC) Chief Executive Officer Lindy Cameron said:

Alongside this latest round of sanctions, I strongly encourage organisations to proactively obstruct the activities of ransomware operatives by bolstering their online resilience.

Ransomware continues to be a significant threat facing the UK and attacks can have significant and far-reaching impact.

The NCSC has published free and actionable advice for organisations of all sizes on how to put robust defences in place to protect their networks.

Today鈥檚 sanctions announcement reinforces the UK鈥檚 commitment to cracking down on cyber criminals. They follow on from the first ever joint UK-US sanctions against ransomware actors in February this year. The total number of group members sanctioned is now 18.

Background

• making funds available to the individuals such as paying ransoms, including in cryptoassets, is prohibited under these sanctions
• organisations should have or should put in place robust cyber security and incident management systems in place to prevent and manage serious cyber incidents
• the FCDO announced the first wave of sanctions and the launch of the UK-US campaign of coordinated action against ransomware actors on 9 February 2023
• as announced on 29 August 2023, an international operation, led by the FBI and involving the NCA, took down the Qakbot malware, which infected more than 700,000 computers globally, including the UK. The Qakbot malware was a key enabler for facilitating ransomware attacks and was utilised in Conti operations. Today鈥檚 designation by the UK and US of further individuals involved in Conti/Trickbot represents the continued efforts to target and disrupt high harm ransomware actors