View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
September 7, 2023updated 08 Sep 2023 10:27am

Conti and Trickbot ransomware gang members sanctioned by UK and US

The 11 alleged cybercriminals have been handed financial sanctions and travel bans in the latest joint operation between law enforcement agencies.

By Matthew Gooding

Eleven members of the Russian ransomware group Conti have been exposed in a joint operation by law enforcement agencies in the UK and the US. The gang is believed to have extorted £27m from 149 UK-based victims as part of a crime spree spanning several years.

The NCA has sanctioned members of the Conti ransomware gang. (Photo by T. Schneider/Shutterstock)

Investigations by the UK’s National Crime Agency (NCA) and the FBI identified that the men, all Russian nationals, were influential members of the group, working as developers, administrators who facilitated payments from ransom funds, and managers who recruited new members from cybercrime forums.

The US Department of Justice has also unsealed indictments against nine individuals in connection with the Trickbot malware conspiracy, including seven of the individuals named as Conti members today. Trickbot is another Russian ransomware gang thought to have been taken over by Conti, which later used the group’s malware as part of its attacks.

UK and US target cybercriminals behind Conti and Trickbot

Sanctions have been placed on 11 men suspected of being part of Conti and Trickbot. They are Andrey Zhuykov – described as the group’s “central actor” – Maksim Galochkin, Maksim Rudenskiy, Mikhail Tsarev, Dmitry Putilin, Maksim Khaliullin, Sergey Loguntsov, Vadym Valiakhmetov, Artem Kurov, Mikhail Chernov and Alexander Mozhaev.

The sanctions have been brought by the FCDO and the US Department of the Treasury’s Office of Foreign Assets Control (OFAC), and mean those named can have assets seized by the UK and US governments, and are banned from making financial transactions. Any businesses and individuals that facilitate such transactions could themselves be sanctioned. They are also banned from travelling.

Today’s news follows sanctions issued to seven other members of the group in February

Rob Jones, NCA director general of operations, said: “These sanctions are a continuation of our campaign against international cyber criminals.

Content from our partners
Green for go: Transforming trade in the UK
Manufacturers are switching to personalised customer experience amid fierce competition
How many ends in end-to-end service orchestration?

“Attacks by this ransomware group have caused significant damage to our businesses and ruined livelihoods, with victims having to deal with the prolonged impact of financial and data losses.

“These criminals thought they were untouchable, but our message is clear: we know who you are and, working with our partners, we will not stop in our efforts to bring you to justice.”

Foreign Secretary James Cleverly said the criminals “thrive off anonymity, moving in the shadows of the internet to cause maximum damage and extort money from their victims”. Cleverly added: “Our sanctions show they cannot act with impunity. We know who they are and what they are doing.

“By exposing their identities, we are dismantling their business models, making it harder for them to target our people, our businesses and our institutions.”

Conti’s campaign of chaos coming to an end?

The NCA assesses that Conti and Trickbot were responsible for extorting at least £27m from 149 UK victims. Research by Chainalysis suggests they have attempted to extort more than $800m from victims including hospitals, schools, local authorities and businesses.

Internationally, its biggest victim was the nation of Costa Rica, which saw multiple public services shut down for weeks after the gang successfully attacked government servers last year. Conti reportedly disbanded following the attack, though security researchers were sceptical about this.

As reported by Tech Monitor, last week the NCA supported the FBI and DoJ in the takedown of Qakbot botnet, used by Conti and other gangs like REvil and Black Basta in ransomware attacks.

Lindy Cameron, CEO of the UK’s National Cyber Security Centre, said: “Alongside this latest round of sanctions, I strongly encourage organisations to proactively obstruct the activities of ransomware operatives by bolstering their online resilience.”

She added: “Ransomware continues to be a significant threat facing the UK and attacks can have significant and far-reaching impact.”

Read more: MoD documents stolen in LockBit cyberattack

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU