
Press release: UK cracks down on ransomware actors

  • Seven Russian nationals have assets frozen and travel bans imposed.
  • Ransomware is a tier one national security threat, with attacks against businesses and public sector organisations increasingly common. Recent victims include UK schools, local authorities and firms – whilst internationally the Irish Health Service Executive, Costa Rican Government and American healthcare companies were targeted.
  • New campaign of concerted action has been coordinated with the US, after 149 British victims of ransomware known as Conti and Ryuk were identified by the NCA.

Ireland’s Health Service Executive were targeted by ransomware actors during the Covid pandemic, resulting in disruption to blood tests, X-rays, CT scans, radiotherapy and chemotherapy appointments over 10 days. We’re targeting cyber criminals who have been involved in some of the most prolific and damaging forms of ransomware. Ransomware criminals have hit hospitals and universities, hurt many and disrupted lives, at great expense to the taxpayer.

National Crime Agency Director-General Graeme Biggar said: Today, the UK’s Office of Financial Sanctions Implementation (OFSI) are also publishing new public guidance which sets out the implications of these new sanctions in ransomware cases. That guidance can be obtained here.

Seven Russian cyber criminals have today (Thursday 9 February) been sanctioned by the UK and US in the first wave of new coordinated action against international cyber crime. These individuals have been associated with the development or deployment of a range of ransomware strains which have targeted the UK and US. The National Cyber Security Centre (NCSC), a part of GCHQ, has assessed that: This is a hugely significant moment for the UK and our collaborative efforts with the US to disrupt international cyber criminals. UK and US authorities will continue to expose these cyber criminals and crack down on their activities. This announcement of sanctions against seven individuals marks the beginning of a campaign of coordinated action against ransomware actors being led by the UK and US. Victims of ransomware attacks should make use of the UK Government’s Cyber Incident Signposting Site as soon as possible after an attack. The NCSC is working with partners to bear down on ransomware attacks and those responsible, helping to prevent incidents and improve our collective resilience. The ransomware strains known as Conti and Ryuk affected 149 UK individuals and businesses. The ransomware was responsible for extricating at least an estimated £27 million. There were 104 UK victims of the Conti strain who paid approximately £10 million and 45 victims of the Ryuk strain who paid approximately £17 million.

Security Minister Tom Tugendhat said: NCSC CEO Lindy Cameron said:

These sanctions follow a complex, large-scale and ongoing investigation led by the NCA, which will continue to pursue all investigative lines of enquiry to disrupt the ransomware threat to the UK in cooperation with partners. These cynical cyber attacks cause real damage to people’s lives and livelihoods. We will always put our national security first by protecting the UK and our allies from serious organised crime – whatever its type and wherever it originates. The individuals designated today are: Vitaliy Kovalev, Valery Sedletski, Valentin Karyagin, Maksim Mikhailov, Dmitry Pleshevskiy, Mikhail Iskritskiy and Ivan Vakhromeyev. The sanctions are the first of their kind for the UK and signal the continuing campaign targeting individuals responsible for some of the most sophisticated and damaging ransomware that has affected the UK and our allies. They show that these criminals and those that support them are not immune to UK action, and this is just one tool we will use to crack down on this threat and protect the public. Ransomware criminals specifically target the systems of organisations they judge can pay them the most money and time their attacks to cause maximum damage, including targeting hospitals in the middle of the pandemic.

It is vital organisations take immediate steps to limit their risk by following the NCSC’s advice on how to put strong defences in place to protect their networks. Foreign Secretary James Cleverly said: Ransomware groups known as Conti, Wizard Spider, UNC1878, Gold Blackburn, Trickman and Trickbot are responsible for the development and deployment of: Trickbot, Anchor, BazarLoader, BazarBackdoor as well as the ransomware strains Conti and Diavol. They are also involved in the deployment of Ryuk ransomware.

Making funds available to the individuals, such as paying ransoms, including in crypto assets, is prohibited under these sanctions. Organisations should have or should put in place robust cyber security and incident management systems to prevent and manage serious cyber incidents. Cyber crime knows no boundaries and threatens our national security. These sanctions identify and expose those responsible.

  • It is almost certain that the Conti group were primarily financially motivated and chose their targets based on the perceived value they could extort from them.
  • Key group members highly likely maintain links to the Russian Intelligence Services from whom they have likely received tasking. The targeting of certain organisations, such as the International Olympic Committee, by the group almost certainly aligns with Russian state objectives.
  • It is highly likely that the group evolved from previous cyber organised crime groups and likely have extensive links to other cyber criminals, notably EvilCorp and those responsible for Ryuk ransomware.

This is an excellent example of the dedication and expertise of the NCA team who have worked closely with partners on this complex investigation. We will continue to deploy our unique capabilities to expose cyber criminals and work alongside our international partners to hold those responsible to account, wherever they are in the world.

Although the ransomware group responsible for Conti disbanded in May 2022, reporting suggests members of the group continue to be involved in some of the most notorious new ransomware strains that dominate and threaten UK security. By sanctioning these cyber criminals, we are sending a clear signal to them and others involved in ransomware that they can be held to account. Ransomware is the most acute cyber threat facing the UK, and attacks by criminal groups show just how devastating its impact can be.

A wide range of organisations have been targeted by ransomware criminals, including at least ten schools and universities in the UK, as well as private hospitals, a forensic laboratory and local authorities. The Government of Costa Rica was also targeted last year. Conti was one of the first cyber crime groups to back Russia’s war in Ukraine, voicing their support for the Kremlin within 24 hours of the invasion. Another recent ransomware attack included Harrogate-based transportation and cold storage firm Reed Boardall whose IT systems were under attack for nearly a week in 2021. Conti was behind attacks that targeted hospitals, schools, businesses and local authorities, including the Scottish Environment Protection Agency. The group behind Conti extorted 0 million in ransomware in 2021 alone, according to research from Chainalysis.
