U.S., U.K. sanction Russian hackers in ransomware attacks

The sanctions are the latest effort by Western nations to crack down on Russian hacking operations.

U.S., U.K. sanction Russian hackers in ransomware attacks

The United States and the United Kingdom on Thursday jointly sanctioned seven Russian government-linked hackers who were linked to ransomware attacks against critical infrastructure in the U.S., U.K. and Ukraine.

Big picture: The sanctions are the latest effort by Western nations to crack down on Russian hacking operations, which have surged in the past year as a result of the Russian invasion of Ukraine and heightened tensions with the West.

The seven Russian individuals sanctioned — Vitaly Kovalev, Maksim Mikhailov, Valentin Karyagin, Mikhail Iskritskiy, Dmitry Pleshevskiy, Ivan Vakhromeyev and Valery Sedletski — were all alleged to by the U.S. Treasury Department to be members of the Russian-based cybercriminal group Trickbot. They are alleged to be behind attacks on critical infrastructure, including hospitals in both the U.S. and the U.K. during the Covid-19 pandemic, and are associated with Russian intelligence services.



Geopolitical links: In addition, Trickbot was linked by IBM last year to cyberattacks in 2022 tied to the war aimed at both the Ukrainian government and private sector groups and, according to the Treasury Department, have also allegedly targeted the U.S. government and U.S. companies.

“The United States and the U.K. are leaders in the global fight against cybercrime and are committed to using all available tools to defend against cyber threats,” Secretary of State Antony Blinken said in a statement Thursday. “As Russia’s illegal war against Ukraine continues, cooperation with our allies and partners is more critical than ever to protect our national security.”

British attacks: The U.K.’s National Crime Agency identified almost 150 British victims of ransomware linked to Russian cybercriminal groups. And the action taken Thursday is part of an effort to shut down ransomware attacks aimed at the U.K., which are classified there as a “tier 1 national security threat.”

British Foreign Secretary James Cleverly said in a statement Thursday that “by sanctioning these cyber criminals, we are sending a clear signal to them and others involved in ransomware that they will be held to account.”

Past disruption efforts: The hackers associated with Trickbot have continued their activities despite Microsoft taking action in 2020 ahead of the U.S. presidential election to disrupt the group through actions including suspending IP addresses. Whether the new sanctions will be able to permanently damage the group remains unclear.

“These sanctions will likely cause disruption to the adversary’s operations while they look for ways to circumvent the sanctions,” Adam Meyers, head of threat intelligence at cybersecurity group CrowdStrike, said in a statement Thursday. “Often, when cybercriminal groups are disrupted, they will go dark for a time only to rebrand under a new name.”