US and UK Sanction Seven Russian Cyber-Criminals

The US and UK governments announced joint sanctions against seven Russian cybercriminals on February 9.

These individuals are members of the notorious Trickbot malware gang, which the US and UK have accused of launching malicious cyber operations against critical infrastructure in both countries, including hospitals.

The names of the sanctioned Russians are Vitaly Kovalev, Maksim Mikhailov, Valentin Kalyagin, Mikhail Iskritsky, Dmitry Preshevsky, Ivan Vakromeyev and Valery Sedletsky.

The sanctions mean these cyber attackers have had all their US and UK assets frozen and are banned from traveling to both countries.

The U.S. Treasury Department also warned that any individual or financial institution that engages in transactions with sanctioned Russian nationals “may be subject to designation.”

The agency’s statement highlighted Trickbot’s ties to Russian intelligence, arguing that it aligns with Russia’s national goals, especially after 2020.

Trickbot was first identified in 2016 and began as a banking Trojan, but since evolving into a highly modular malware suite, the group has been able to carry out a variety of cyber activities, including ransomware attacks. Now

Both the US and UK governments have highlighted the gang's involvement in developing ransomware strains that target critical services as a primary reason for the designation.

In one example, the US government says the Trickbot Group deployed ransomware against three medical facilities in Minnesota, disrupting computer networks and phones and causing ambulance diversions. “Members of the Trickbot Group have publicly and proudly expressed the ease with which medical facilities can be targeted and the speed at which ransoms are paid to the group.”

The new sanctions are part of a broader effort among law enforcement and governments to thwart ransomware gangs. In January 2023, a concerted FBI and Europol action brought down the Hive ransomware group’s infrastructure.

Brian E. Nelson, Director of Terrorism and Financial Intelligence, commented:

“International cooperation is key to combating cybercrime in Russia, so the United States is taking action today in partnership with the United Kingdom,” Nelson said.

British Foreign Secretary James Cleverly added:

“These cynical cyberattacks are causing serious damage to people’s lives and livelihoods. give top priority to.”

Don Smith, Vice President of Research at Secureworks, commented on the matter, explaining the importance of sanctions in helping law enforcement disrupt Trickbot’s activities. He said the designation “gives law enforcement and financial institutions the necessary powers and mechanisms to seize assets and cause economic chaos to designated individuals, while making victims pay or choose to pay ransoms. It avoids criminalizing and re-victimizing victims by putting them in the impossible position of restoring business or violating sanctions.”

Smith added:

Raj Samani, SVP Chief Scientist at Rapid7, said he hopes the announcement will send a strong message to other cybercriminals that their activities are not going unnoticed. “The impression that cybercrime is a risk-free endeavor will be shattered by this morning’s news that seven individuals have been sanctioned by the UK government.”

In its statement on sanctions, the UK government emphasized the scale of damage ransomware has caused to the UK economy. 149 UK individuals and businesses say they were affected by the Conti and Ryuk ransomware strains alone, with extortion payments of an estimated £27m ($33m).

The Russia-based Conti gang announced that it would cease operations in May 2022. This followed the leak of the group’s internal documents and internal chat logs by Ukrainian researchers days after the group took a stance in favor of Russia’s invasion of Ukraine. However, former Conti actors are believed to remain active in the cybercrime underworld.
