This article was originally published by Radio Free Europe/Radio Liberty and is reprinted with permission.
Britain and the United States have announced sanctions against seven Russians accused of running a notorious hacking gang that launched ransomware attacks against businesses, schools, and hospitals in both countries and elsewhere in the world.
The U.S. Treasury Department said the seven Russians were the leaders of a gang known as Trickbot, which targeted hospitals and health-care centers during the height of the COVID-19 pandemic in 2020.
The department said Russia was “a haven for cybercriminals, where groups such as Trickbot freely perpetrate malicious cyber-activities against the U.S., the U.K., and allies and partners.”
Britain’s Foreign Office said the cybercriminals had used attacks to gain an estimated 27 million pounds ($32.85 million) from those targeted by ransomware attacks in Britain alone.
“Ransomware criminals specifically target the systems of organizations they judge will pay them the most money and time their attacks to cause maximum damage, including targeting hospitals in the middle of the pandemic,” the Foreign Office said in a news release.
Ireland’s Health Service Executive and the government of Costa Rica were among the institutions outside the United States and Britain that were targeted by the group.
Britain named several ransomware groups, including Trickbot and another known as Conti, which it said was one of the first cybercrime groups to back Russia’s war in Ukraine.
The groups were responsible for the development and deployment of ransomware that went by the same names, as well as several other names, according to the Foreign Office statement.
The two countries said their collaboration was significant in the efforts to disrupt international cybercriminals.
U.S. Secretary of State Antony Blinken said that the United States and Britain “will continue to work with other international partners to expose and disrupt cybercrime emanating from Russia.”
Graeme Biggar, director-general of Britain’s National Crime Agency, called it “a hugely significant moment” in collaborative efforts with the United States.
“The sanctions are the first of their kind for the U.K. and signal the continuing campaign targeting those responsible for some of the most sophisticated and damaging ransomware that has impacted the U.K. and our allies,” Biggar said.
Trickbot was first identified in 2016 by security researchers. It evolved from a banking trojan known as Dyre, which the U.S. Treasury Department said was operated by individuals based in Moscow to steal financial data.
The U.S. Treasury Department named Vitaly Kovalev as a senior figure in Trickbot. It said in addition to announcing sanctions against him, an indictment was unsealed on February 9 in the U.S. District Court in New Jersey charging Kovalev with bank fraud in connection with crimes that took place in 2009 and 2010, predating his involvement in Dyre or the Trickbot Group.
The other six individuals — Maksim Mikhailov, Valentin Karyagin, Mikhail Iskritsky, Dmitry Pleshevsky, Ivan Vakhromeyev, and Valery Sedletsky — worked in various capacities, including development of ransomware and money laundering.
The sanctions freeze any property held in U.S. jurisdiction by the seven individuals. The designations also prohibit all dealings with the individuals in the United States and Britain.