{"id":606580,"date":"2023-02-10T07:48:57","date_gmt":"2023-02-10T13:48:57","guid":{"rendered":"https:\/\/news.sellorbuyhomefast.com\/index.php\/2023\/02\/10\/uk-imposes-sanctions-on-conti-ransomware-gang-leaders\/"},"modified":"2023-02-10T07:48:57","modified_gmt":"2023-02-10T13:48:57","slug":"uk-imposes-sanctions-on-conti-ransomware-gang-leaders","status":"publish","type":"post","link":"https:\/\/newsycanuse.com\/index.php\/2023\/02\/10\/uk-imposes-sanctions-on-conti-ransomware-gang-leaders\/","title":{"rendered":"UK imposes sanctions on Conti ransomware gang leaders"},"content":{"rendered":"<div id=\"content-header\">\n<h2>Seven Russian nationals associated with the Conti and Ryuk ransomware operations have been sanctioned by the UK<\/h2>\n<\/div>\n<div id=\"content-center\">\n<ul>\n<li><i data-icon=\"1\"><\/i><\/li>\n<li><i data-icon=\"2\"><\/i><\/li>\n<\/ul>\n<div id=\"contributors-block\">\n<p><img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/rms\/computerweekly\/Alex-Scroxton-CW-Contributor-2022.jpg\" alt=\"Alex Scroxton\">\n\t\t\t\t\t<\/p>\n<p><span>By<\/span><\/p>\n<ul>\n<li>\n\t\t\t\t\t<a href=\"https:\/\/www.techtarget.com\/contributor\/Alex-Scroxton\">Alex Scroxton,<\/a><br \/>\n\t\t\t\t\t\t<span>Security Editor<\/span>\n\t\t\t\t\t\t<\/li>\n<\/ul>\n<p>\n\tPublished: <span>09 Feb 2023 16:30<\/span>\n<\/p>\n<\/div>\n<section id=\"content-body\">\n<p>The UK government has sanctioned seven Russian cyber criminals associated with the <a href=\"https:\/\/www.computerweekly.com\/news\/252520524\/Did-the-Conti-ransomware-crew-orchestrate-its-own-demise\">Conti and Ryuk ransomware operations<\/a>, freezing their assets and imposing travel bans, in a coordinated action with the US authorities.<\/p>\n<p>The seven men, <a href=\"https:\/\/assets.publishing.service.gov.uk\/government\/uploads\/system\/uploads\/attachment_data\/file\/1135553\/Cyber.pdf\" target=\"_blank\" rel=\"noopener\">named today<\/a> as Vitaliy Kovalev, Valery Sedletski, Valentin Karyagin, Maksim Mikhailov, Dmitry Pleshevskiy, Mikhail Iskritskiy and Ivan Vakhromeyev, were found to be associated with the development and deployment of Conti, Diavol and <a href=\"https:\/\/www.computerweekly.com\/news\/252491686\/NHS-warned-over-Ryuk-spreading-through-Trickbot-replacements\">Ryuk<\/a>, as well as various malwares including <a href=\"https:\/\/www.computerweekly.com\/news\/252490819\/Resilient-Trickbot-down-but-not-yet-knocked-out\">Trickbot<\/a>, Anchor, BazarLoader and BazarBackdoor.<\/p>\n<p>Over time, the group bore various monikers assigned to it by security researchers, including Conti, Wizard Spider, UNC1878, Gold Blackburn, Trickman and Trickbot.<\/p>\n<p>During their cyber crime spree, they extorted an estimated \u00a327m from 149 known victims in the UK \u2013 including hospitals, schools, businesses and local authorities. Famously, the cartel was behind the attack on Ireland\u2019s Health Service Executive (HSE) <a href=\"https:\/\/www.computerweekly.com\/news\/252500905\/Conti-ransomware-syndicate-behind-attack-on-Irish-health-service\">in the spring of 2021<\/a>. It also hit organisations including <a href=\"https:\/\/www.techtarget.com\/searchbusinessanalytics\/feature\/Scottish-EPA-rebuilds-with-Tibco-Spotfire-after-cyber-attack\">the Scottish Environmental Protection Agency<\/a> and <a href=\"https:\/\/www.computerweekly.com\/news\/252498463\/Retailer-FatFace-pays-2m-ransom-to-Conti-cyber-criminals\">fashion retailer FatFace<\/a>.<\/p>\n<p><a href=\"https:\/\/www.computerweekly.com\/news\/252520524\/Did-the-Conti-ransomware-crew-orchestrate-its-own-demise\">The group disbanded in 2022<\/a> after it backed Russia\u2019s attack on Ukraine, leading to <a href=\"https:\/\/www.techtarget.com\/searchsecurity\/news\/252514047\/Conti-ransomware-source-code-documentation-leaked\">a series of damaging leaks<\/a> by Ukraine-supporting operatives, but according to the National Cyber Security Centre (NCSC), its members have almost certainly moved on and are now associated with other currently active ransomware operations. The agency also believes those sanctioned today may have links, and have likely received tasking, from the Russian intelligence services.<\/p>\n<p>\u201cBy sanctioning these cyber criminals, we are sending a clear signal to them and others involved in ransomware that they will be held to account,\u201d said foreign secretary James Cleverly.<\/p>\n<p>\u201cThese cynical cyber attacks cause real damage to people\u2019s lives and livelihoods. We will always put our national security first by protecting the UK and our allies from serious organised crime \u2013 whatever its form and wherever it originates.\u201d<\/p>\n<section data-menu-title=\"Significant moment\">\n<h3><i data-icon=\"1\"><\/i>Significant moment<\/h3>\n<p>Graeme Biggar, director of the National Crime Agency (NCA), which identified the gang\u2019s British victims and led the investigation, added: \u201cThis is a hugely significant moment for the UK and our collaborative efforts with the US to disrupt international cyber criminals.<\/p>\n<p>\u201cThe sanctions are the first of their kind for the UK and signal the continuing campaign targeting those responsible for some of the most sophisticated and damaging ransomware that has impacted the UK and our allies. They show that these criminals and those that support them are not immune to UK action, and this is just one tool we will use to crack down on this threat and protect the public.<\/p>\n<p>\u201cThis is an excellent example of the dedication and expertise of the NCA team who have worked closely with partners on this complex investigation,\u201d said Biggar. \u201cWe will continue to deploy our unique capabilities to expose cyber criminals and work alongside our international partners to hold those responsible to account, wherever they are in the world.\u201d<\/p>\n<p>The NCA is continuing to pursue other investigative lines of inquiry to further disrupt the ransomware threat to British organisations, and today\u2019s announcement marks the start of a joint campaign of coordinated action against ransomware actors being run alongside US partners.<\/p>\n<p>It is, however, unlikely that any of the seven men involved will ever face justice in the West \u2013 Russia does not allow its citizens to be extradited and, given the current geopolitical climate, the chances of Moscow\u2019s cooperation at any level are effectively zero. However, as is usual when governments take this sort of action, it is hoped the act of naming them will cause them considerable inconvenience, removing their ability to operate anonymously and highlighting the corruption and criminal links endemic in the Russian intelligence services.<\/p>\n<p>Don Smith, vice-president of threat research at the <a href=\"https:\/\/www.secureworks.com\/\">Secureworks Counter Threat Unit<\/a>, has been tracking Conti in its various guises for a long time.<\/p>\n<p>\u201cThese sanctions represent positive, coordinated steps in the global fight against ransomware,\u201d Smith told Computer Weekly.<\/p>\n<p>\u201cBy targeting the specific named individuals in the sanctions today, [they] give law enforcement and financial institutions the mandates and mechanisms needed to seize assets and cause financial disruption to the designated individuals, while avoiding criminalising and re-victimising the victim by placing them in the impossible position of choosing between paying a ransom to recover their business or violating sanctions,\u201d he said.<\/p>\n<p>At the same time, the UK Office of Financial Sanctions Implementation has <a href=\"https:\/\/www.gov.uk\/government\/publications\/financial-sanctions-faqs\">published new public guidance<\/a> to better explain the implications of sanctions against ransomware operators. Similar to how other sanctions work, making funds available to any of the named individuals through ransomware payments now becomes prohibited.<\/p>\n<\/section>\n<\/section>\n<section id=\"DigDeeperSplash\">\n<h4>\n\t\t\t<i data-icon=\"m\"><\/i>Read more on Hackers and cybercrime prevention<\/h4>\n<ul>\n<li><a id=\"DigDeeperItem-1\" href=\"https:\/\/www.computerweekly.com\/news\/252529648\/Hive-ransomware-gang-taken-down-after-FBI-hacks-back\"><br \/>\n\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/visuals\/German\/article\/malware-ransomware-danger-adobe_searchsitetablet_520X173.jpg\" srcset=\"https:\/\/cdn.ttgtmedia.com\/visuals\/German\/article\/malware-ransomware-danger-adobe_searchsitetablet_520X173.jpg 960w,https:\/\/cdn.ttgtmedia.com\/visuals\/German\/article\/malware-ransomware-danger-adobe.jpg 1280w\" alt ><\/p>\n<h5>Hive ransomware gang taken down after FBI hacks back<\/h5>\n<div>\n<p><img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/rms\/computerweekly\/Alex-Scroxton-CW-Contributor-2022.jpg\" alt=\"AlexScroxton\">\n\t\t\t\t\t\t\t\t\t<\/p>\n<p><span>By: <span>Alex\u00a0Scroxton<\/span><\/span>\n\t\t\t\t\t\t\t<\/p>\n<\/div>\n<p>\t\t\t\t<\/a><\/li>\n<li><a id=\"DigDeeperItem-2\" href=\"https:\/\/www.techtarget.com\/searchsecurity\/news\/252522479\/Public-sector-still-facing-ransomware-attacks-amid-decline\"><br \/>\n\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/rms\/onlineimages\/ransom_g817486228_searchsitetablet_520X173.jpg\" srcset=\"https:\/\/cdn.ttgtmedia.com\/rms\/onlineimages\/ransom_g817486228_searchsitetablet_520X173.jpg 960w,https:\/\/cdn.ttgtmedia.com\/rms\/onlineimages\/ransom_g817486228.jpg 1280w\" alt ><\/p>\n<h5>Public sector still facing ransomware attacks amid decline<\/h5>\n<div>\n<p><img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/rms\/onlineimages\/doyle_peyton.jpg\" alt=\"PeytonDoyle\">\n\t\t\t\t\t\t\t\t\t<\/p>\n<p><span>By: <span>Peyton\u00a0Doyle<\/span><\/span>\n\t\t\t\t\t\t\t<\/p>\n<\/div>\n<p>\t\t\t\t<\/a><\/li>\n<li><a id=\"DigDeeperItem-3\" href=\"https:\/\/www.techtarget.com\/searchsecurity\/news\/252521530\/How-Russian-sanctions-may-be-helping-US-cybersecurity\"><br \/>\n\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/rms\/onlineimages\/security_a303570139_searchsitetablet_520X173.jpg\" srcset=\"https:\/\/cdn.ttgtmedia.com\/rms\/onlineimages\/security_a303570139_searchsitetablet_520X173.jpg 960w,https:\/\/cdn.ttgtmedia.com\/rms\/onlineimages\/security_a303570139.jpg 1280w\" alt ><\/p>\n<h5>How Russian sanctions may be helping US cybersecurity<\/h5>\n<div>\n<p><img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/rms\/onlineimages\/doyle_peyton.jpg\" alt=\"PeytonDoyle\">\n\t\t\t\t\t\t\t\t\t<\/p>\n<p><span>By: <span>Peyton\u00a0Doyle<\/span><\/span>\n\t\t\t\t\t\t\t<\/p>\n<\/div>\n<p>\t\t\t\t<\/a><\/li>\n<li><a id=\"DigDeeperItem-4\" href=\"https:\/\/www.techtarget.com\/searchsecurity\/news\/252520573\/AdvIntel-Conti-rebranding-as-several-new-ransomware-groups\"><br \/>\n\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/rms\/onlineimages\/ransom_g688123960_searchsitetablet_520X173.jpg\" srcset=\"https:\/\/cdn.ttgtmedia.com\/rms\/onlineimages\/ransom_g688123960_searchsitetablet_520X173.jpg 960w,https:\/\/cdn.ttgtmedia.com\/rms\/onlineimages\/ransom_g688123960.jpg 1280w\" alt ><\/p>\n<h5>AdvIntel: Conti rebranding as several new ransomware groups<\/h5>\n<div>\n<p><img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/rms\/onlineImages\/culafi_alexander.jpg\" alt=\"AlexanderCulafi\">\n\t\t\t\t\t\t\t\t\t<\/p>\n<p><span>By: <span>Alexander\u00a0Culafi<\/span><\/span>\n\t\t\t\t\t\t\t<\/p>\n<\/div>\n<p>\t\t\t\t<\/a><\/li>\n<\/ul>\n<\/section>\n<\/div>\n<p><a href=\"https:\/\/www.computerweekly.com\/news\/365530822\/UK-imposes-sanctions-on-Conti-ransomware-gang-leaders\" class=\"button purchase\" rel=\"nofollow noopener\" target=\"_blank\">Read More<\/a><br \/>\n Qiana Schewe<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Seven Russian nationals associated with the Conti and Ryuk ransomware operations have been sanctioned by the UK By Alex Scroxton, Security Editor Published: 09 Feb 2023 16:30 The UK government has sanctioned seven Russian cyber criminals associated with the Conti and Ryuk ransomware operations, freezing their assets and imposing travel bans, in a coordinated action<\/p>\n","protected":false},"author":1,"featured_media":606581,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[35353,12,46],"tags":[],"class_list":["post-606580","post","type-post","status-publish","format-standard","has-post-thumbnail","category-imposes","category-sanctions","category-technology"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/606580","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/comments?post=606580"}],"version-history":[{"count":0,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/606580\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media\/606581"}],"wp:attachment":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media?parent=606580"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/categories?post=606580"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/tags?post=606580"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}