security

Seven Russians sanctioned over ransomware cyber-crime – BBC


  • By Joe Tidy
  • Cyber reporter

Image caption,

Dmitry Pleshevskiy known as Iseldor online is one of the men accused of being a cyber-criminal

Seven Russian men have been sanctioned by the UK and US for having links to recent ransomware attacks.

The UK’s Foreign Office, along with US authorities, has released pictures of the men, frozen their assets and imposed travel restrictions.

US authorities have accused them of being members of loosely defined Russian-based hacking network Trickbot.

Ransomware strains Conti and Ryuk extorted at least £27m in ransoms from 149 British victims.

“This is a hugely significant moment for the UK and our collaborative efforts with the US to disrupt international cyber-criminals,” said National Crime Agency director general Graeme Biggar.

“The sanctions are the first of their kind for the UK and signal the continuing campaign targeting those responsible for some of the most sophisticated and damaging ransomware that has impacted the UK and our allies,” he said.

Image source, National Crime Agency

Image caption,

Mikhail Iskritskiy also known as (aka) Tropa and Valery Sedletski aka Strix are on the new cyber sanctions list

The National Cyber Security Centre, a part of GCHQ, has assessed that key group members are “highly likely” to have strong links to the Russian Intelligence Services from which they are sometimes directed.

No evidence was supplied to support this allegation.

The individuals sanctioned are: Vitaliy Kovalev, Valery Sedletski, Valentin Karyagin, Maksim Mikhailov, Dmitry Pleshevskiy, Mikhail Iskritskiy and Ivan Vakhromeyev.

Any arrests are impossible unless the accused leave the country.

The group behind the Conti strain has targeted hospitals, schools, businesses and local authorities, including the Scottish Environment Protection Agency.  It extorted $180m (£148m) in ransomware in 2021 alone, according to research from Chainalysis.

Ireland’s Health Service Executive was targeted by Conti ransomware actors during the Covid pandemic, leading to disruption to blood tests, X-rays, CT scans, radiotherapy and chemotherapy appointments over 10 days. 

Another recent ransomware attack included Harrogate-based transportation and cold storage firm Reed Boardall, whose IT systems were under attack for nearly a week in 2021.

Although Conti disbanded in 2022, its members are thought to have continued their attacks under different guises.

Video caption,

Businesses are being held to ransom by callous Ryuk cyber-criminals

Russia has for years denied that it is harbouring ransomware hackers, but cyber-security experts say there is compelling evidence that many of the criminal groups are co-ordinated from the country.

Many of the gangs operate on Russian-language forums, there are fewer attacks on Russian organisations, and the frequency of hacks dips during Russian public holidays.

Previously the US and UK worked together on sanctions issued against alleged members of cyber-crime group Evil Corp in 2020. Authorities allege that some of the men in the latest sanctions could have formerly worked for the group.



READ SOURCE

This website uses cookies. By continuing to use this site, you accept our use of cookies.