Russian ransomware gangs are being named and shamed
For many years, Russia-based ransomware gangs have carried out attacks that have crippled businesses, hospitals and public sector agencies, extorted hundreds of millions of dollars from victims and caused untold disruption. And they did so with impunity—but not anymore. Today, as part of an effort to stop blackmail gangs, the UK and US governments unmasked some of the criminals behind the attacks.
In a rare move, officials sanctioned seven alleged members of notorious ransomware gangs and made public their real names, dates of birth, email addresses and photos. All seven named cybercriminals belong to the Conti and Trickbot ransomware families, which are linked together and are commonly referred to as Wizard Spider. Furthermore, the UK and US are now clearly pointing out the links between Conti and Trickbot and Russian intelligence services.
British Foreign Secretary James Cleverly said: “By punishing these cybercriminals, we are sending a clear signal to them and others involved in ransomware that they will be held accountable.” “These dubious cyberattacks cause real damage to people’s lives and livelihoods.”
The seven gang members named by the two governments are: Vitaly Kovalev, Maksim Mikhailov, Valentin Karyagin, Mikhail Iskritskiy, Dmitry Pleshevskiy, Ivan Vakhromeyev and Valery Sedletski. The members all had online handles, such as Baget and Tropa, that they used to communicate with each other without using their real-world identities.
On Thursday, the UK’s National Cyber Security Center (NCSC) said it was “very likely” that members of the Conti group had links to the “Russian Intelligence Service” and that those agencies “have ability” directed some of the group’s actions. The NCSC is part of the UK intelligence agency GCHQ, and this is the first time the UK has sanctioned ransomware criminals.
Similarly, the US Treasury Department concluded that members of the Trickbot Group were “connected to the Russian Intelligence Service”. It added that the group’s actions in 2020 were in line with Russia’s international interests and were “targeted previously by the Russian Intelligence Service.”
According to the U.S. Department of the Treasury, these members were engaged in malware and ransomware development, money laundering, fraud, and injecting malicious code into websites to steal logins and regulatory roles. As part of the sanctions, the UK has frozen assets belonging to ransomware attackers and imposed a travel ban on them. The US District Court for the District of New Jersey also announced an indictment charging Vitaliy Kovalev with conspiracy to commit bank fraud and eight counts of bank fraud against US financial institutions in 2009 and 2010.
Governments have struggled to get a handle on the growing ransomware threat, largely due to the many criminal groups operating in Russia. The Kremlin provided a safe haven for these bad guys—as long as they weren’t targeting Russian companies. Last year, following a series of particularly aggressive and disruptive attacks on US and UK targets, Russian law enforcement arrested more than a dozen alleged members of the notorious extortion gang REvil. But Russia continues to be the starting point for a range of cybercrime activities, including ransomware attacks.