The US and the UK have sanctioned 11 individuals accused of being linked with the Trickbot malware and the Conti ransomware groups – the latter of which disbanded in 2022 following the war in Ukraine and a leak of its internal communications.
The move was jointly announced by the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) and the UK Foreign, Commonwealth & Development Office (FCDO) on August 7, 2023.
The sanctioned Russians were named as Andrey Zhuykov, Maksim Galochkin, Maksim Rudenskiy, Mikhail Tsarev, Dmitry Putilin, Maksim Khaliullin, Sergey Loguntsov, Vadym Valiakhmetov, Artem Kurov, Mikhail Chernov and Alexander Mozhaev.
Investigations by the UK’s National Crime Agency (NCA) and the FBI identified that these men, all Russian nationals, were influential members of the group, working as developers, administrators who facilitated payments to the group from ransom funds, and managers who recruited new members from cybercrime forums.
Exposing Cyber-Criminals’ Identities
James Cleverly, the UK Foreign Secretary, insisted that it was important to name names to help with the fight against cybercrime.
“These cyber-criminals thrive off anonymity, moving in the shadows of the internet to cause maximum damage and extort money from their victims. Our sanctions show they cannot act with impunity. We know who they are and what they are doing. By exposing their identities, we are dismantling their business models, making it harder for them to target our people, our businesses and our institutions,” he said.
These new sanctions follow a first wave in February 2023, where seven Russians involved with Trickbot and Conti were also sanctioned, as part of the first-ever joint UK-US sanctions cyber-criminals.
The US Department of Justice is concurrently unsealing indictments against nine individuals in connection with the Trickbot malware conspiracy and Conti ransomware conspiracy, including the seven individuals designated today.
All 18 cyber-criminals are now subject to travel bans and asset freezes and are severely restricted in using the legitimate global financial system.
Law Enforcement’s Role in Unmasking Criminals
In a statement, the NCA director general of operations Rob Jones said these sanctions are a continuation of previous law enforcement campaigns against cybercrime, such as the one that took down malware loader infrastructure QakBot in August.
“These criminals thought they were untouchable, but our message is clear: we know who you are and, working with our partners, we will not stop in our efforts to bring you to justice,” he added.
UK Security Minister Tom Tugendhat agreed: “We have the skills and resources to find and unmask criminals who attempt to steal from British businesses, schools and hospitals. We will keep working with our partners, like the US, to defeat these threats,” he said in a public statement.
Don Smith, vice president of Secureworks Counter Threat Unit, welcomed the sanctions, saying it could prevent “old ransomware groups’ members from bouncing back.”
“The question, as ever, is does this really make a difference? Yes. This is disruptive for the Conti group and even if they make a comeback, it’s a significant dent in their operation.”
Finally, the CEO of the UK’s National Cyber Security Centre (NCSC), Lindy Cameron, reiterated the need for businesses and administrations to keep the greatest cybersecurity posture possible: “Alongside this latest round of sanctions, I strongly encourage organizations to proactively obstruct the activities of ransomware operatives by bolstering their online resilience.”
Read more: FBI's QakBot Takedown Raises Questions: 'Dismantled' or Just a Temporary Setback?