On Thursday, the United Kingdom and United States imposed sanctions on seven people linked to a single criminal network responsible for the Conti and Ryuk ransomware gangs and the Trickbot banking trojan. This is the first major move of a new joint campaign between the two countries, and more actions are expected in the future. The sanctions mean that the individuals have their assets frozen and are banned from travelling. The US Department of Justice also charged the hacker known as Bentley, whose real name is Vitaly Kovalev, with conspiracy to commit bank fraud and eight counts of bank fraud. The sanctions do not include the entire network, and the reasons for sanctioning these individuals and not others were not disclosed. This is the first time that Western governments have formally linked the Conti and Ryuk ransomware gangs and the Trickbot banking trojan to a single criminal organization.

The British Office of Financial Sanctions Implementation and the US Treasury's Office of Foreign Assets Control announced an enhanced partnership last October to address the Russian invasion of Ukraine. The UK government warned that making payments to the individuals, including in crypto assets, is prohibited under these sanctions. The sanctions are meant to target named individuals rather than the ransomware brands they work for, making it difficult to link an extortion payment to one of the sanctioned parties.

All seven criminals are based in Russia, which does not extradite its own citizens, making arrests by Western law enforcement unlikely. The sanctions are meant to disrupt the criminals' anonymity and add stress to any potential relationships between them and Russia's Federal Security Service. The UK's National Cyber Security Centre believes that the group has links to Russian intelligence services and has likely received tasking from them. The targeting of certain organisations, such as the International Olympic Committee, by the group is likely aligned with Russian state objectives. The US Treasury referred to the overall cybercrime operation as the Trickbot Group and said it is associated with Russian Intelligence Services. The Trickbot Group's preparations in 2020 aligned them to Russian state objectives and targeting previously conducted by Russian Intelligence Services.

The FBI and Department of Justice announced last month that they had infiltrated the Hive ransomware group and had been identifying victims and providing them with the decryption keys for around six months. Only 20% of victims reported attacks to law enforcement, indicating the lack of visibility that law enforcement has on the scale of the criminal industry. The sanctions are meant to cause financial disruption to the designated individuals while avoiding criminalizing and re-victimizing the victims by placing them in the impossible position of choosing between paying a ransom to recover their business or violating sanctions.
This Cyber News was published on therecord.media. Publication date: Thu, 09 Feb 2023 15:44:03 +0000