UK and US sanction malicious cyber seven

Seven Russian cyber criminals, linked to the group behind some of the most damaging ransomware attacks on the UK in recent years, have been exposed and sanctioned by the UK and the US.

The sanctions by the UK’s Foreign Office and the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) form part of a concerted campaign by the UK and the US to tackle international cyber-crime.

They follow a lengthy investigation by the UK’s National Crime Agency into the crime group behind Trickbot malware, as well as the Conti and RYUK ransomware strains, among others.

The NCA assesses that the group was responsible for extorting at least £27 million from 149 UK victims, including hospitals, schools, businesses and local authorities, although their true impact is likely to be much higher.

National Crime Agency director general Graeme Biggar said: “This is a hugely significant moment for the UK and our collaborative efforts with OFAC to disrupt international cyber criminals.”

“The sanctions are the first of their kind for the UK and signal the continuing campaign targeting those responsible for some of the most sophisticated and damaging ransomware that has impacted the UK and our allies. They show that these criminals and those that support them are not immune to UK action, and this is just one tool we will use to crack down on this threat and protect the public.”

“This is an excellent example of the dedication and expertise of the NCA team who have worked closely with partners on this complex investigation. We will continue to deploy our unique capabilities to expose cyber criminals and work alongside our international partners to hold those responsible to account, wherever they are in the world.”

According to the NCA, ransomware is a tier one national security threat, with attacks continuing to increase in scale and complexity. 

It added that the criminals behind these attacks specifically target the systems of organisations they judge will pay them the most money and time their attacks to cause maximum damage, including targeting hospitals in the middle of the pandemic.

Although the Conti group disbanded last year, reporting suggests its members, including those sanctioned, continue to be involved in some of the most notorious new ransomware strains that dominate and threaten UK security.

The seven cyber criminals are now subject to travel bans and asset freezes, and are severely restricted in their use of the global financial system. 

The seven are:

  • Vitaliy KOVALEV (historical use of AKA Ben and AKA Bentley)
  • Valery SEDLETSKI (AKA Strix)
  • Valentin KARYAGIN (AKA Globus)
  • Maksim MIKHAILOV (AKA Baget)
  • Dmitry PLESHEVSKIY (AKA Iseldor)
  • Mikhail ISKRITSKIY (AKA Tropa)
  • Ivan VAKHROMEYEV (AKA Mushroom)