The U.S. And The UK Collaborate Their First-Ever Joint Cybercrime Sanctions Against Cybercriminals

Cybercriminals never engage in a direct contact with their victims. But yet, the damage they create can far exceed most other types of ciminals.

With the internet, cybercriminals can reside on one side of the world, and create world-class catastrophe to the other side of the world. And this trend continues, as the development of malware thrives, and that governments start sponsoring such effort in an act of espionage against their enemies.

And this time, the authorities in the U.S. and UK have made a coordinated action to impose sanctions on seven Russian cybercriminals associated with the deployment of various ransomware, which also include the Trickbot banking trojan.

The joint coordinated action was made following a thorough investigation led by the National Crime Agency (NCA).

This marks the first-ever joint cybercrime sanctions in the UK.

Seven cybercriminals
Credit: NCA

In particular, their targets are notorious ransomware groups known as Conti, Wizard Spider, UNC1878, Gold Blackburn, Trickman, and Trickbot, which have been responsible for the deployment of ransomware strains including Conti, Ryuk, and Trickbot.

According to the British government, the ransomware the groups deploy, is a “tier one national security threat” that’s increasingly used to attack businesses and public sector organizations.

The groups target organizations they expect would pay the most.

And to urge victims to pay, the ransomware gangs carefully timed their attacks to cause the maximum damage.

Conti and Ryuk alone have affected 149 UK individuals and businesses, extracting at least an estimated £27 million.

More recent victims in the UK include the Scottish Environment Protection Agency, food distribution firm Reed Boardall, Cleveland Council, and forensic laboratory Eurofins.

Internationally, victims include the Irish Health Service Executive, Costa Rican Government and American healthcare providers.

The joint action between the U.S. and the UK is sending a message, that cybercriminals and those that support then, "are not immune to UK action."

The U.S. Treasury Department also sent a message to warn that “any foreign financial institution that knowingly facilitates a significant transaction, or provides significant financial services for any of the individuals or entities designated today could be subject to U.S. correspondent or payable-through account sanctions.”

[block:block=87]

According to Graeme Biggar, NCA’s General Director, in a statement quoted in an NCA web post:

"The sanctions are the first of their kind for the UK and signal the continuing campaign targeting those responsible for some of the most sophisticated and damaging ransomware that has impacted the UK and our allies."

And according to Antony J. Blinker, U.S. Secretary of State:

"The United States and the United Kingdom are taking coordinated action targeting cyber criminals who launched assaults against our critical infrastructure."

"We will continue to work with the United Kingdom and with other international partners to expose and disrupt cyber crime emanating from Russia."

Conti recovery service
Screenshot of Conti recovery service, where victims are required to pay to have their data back.

The Conti malware is considered in the UK as the most damaging.

According to the National Cyber Security Centre (NCSC), the ransomware was among the first cybercrime groups to declare support to Russia’s war with Ukraine.

With confidence, the organization that provides advice and support for the public and private sector also assessed that key members of the group are “highly likely” to “maintain links” with the Russian Intelligence services.

While the group was disbanded in May 2022, the British government suggests that former members of Conti continue to be involved in threatening UK security with other, and also new ransomware strains.

Through the collaboration, both the U.S. and UK authorities said that they will continue to expose cybercriminals associated with ransomware groups, and will continue cracking down on their activities.