The United Kingdom and the United States have sanctioned seven Russian men for their involvement in recent ransomware attacks.
The Foreign Office of the United Kingdom, in collaboration with US authorities, has released images of the men, frozen their assets, and imposed travel restrictions.
Authorities in the United States have accused them of being members of the ill-defined Russian-based hacking network Trickbot.
Ransomware variants Conti and Ryuk demanded at least £27 million in ransom payments from 149 British victims.
“This is a hugely significant moment for the UK and our collaborative efforts with the US to disrupt international cyber-criminals,” said Graeme Biggar, director general of the National Crime Agency.
“The sanctions are the first of their kind for the United Kingdom and signal the continuation of our campaign to target those responsible for some of the most sophisticated and damaging ransomware that has impacted the United Kingdom and our allies,” he said.
The National Cyber Security Centre, a division of GCHQ, has determined that key members of the group are “highly likely” to have strong ties to Russian intelligence services, to which they are sometimes directed.
There was no evidence to back up this claim.
Ransomware is classified as a tier one national security threat by the UK government, with recent victims including UK schools, local governments, and businesses.
Vitaliy Kovalev, Valery Sedletski, Valentin Karyagin, Maksim Mikhailov, Dmitry Pleshevskiy, Mikhail Iskritskiy, and Ivan Vakhromeyev have all been sanctioned.
Arrests are impossible to make unless the accused flee the country.
The Conti strain’s creators have targeted hospitals, schools, businesses, and local governments, including the Scottish Environment Protection Agency. According to Chainalysis research, it extorted $180 million (£148 million) in ransomware in 2021 alone.
During the Covid pandemic, Ireland’s Health Service Executive was targeted by Conti ransomware actors, disrupting blood tests, X-rays, CT scans, radiotherapy, and chemotherapy appointments for 10 days.
Reed Boardall, a Harrogate-based transportation and cold storage firm, was also hit by ransomware in 2021, with its IT systems under attack for nearly a week.
Conti was disbanded in 2022, but its members are believed to have continued their attacks under different guises.
Russia has long denied harbouring ransomware hackers, but cyber-security experts say there is compelling evidence that many of the criminal groups are coordinated from Russia.
Many of the gangs operate on Russian-language forums, there are fewer attacks on Russian organisations, and the frequency of hacks decreases during Russian national holidays.
The latest sanctions follow multinational efforts to disrupt ransomware crews, most recently by sabotaging and taking offline the Hive ransomware crew.
Previously, the US and the UK collaborated on sanctions issued in 2020 against alleged members of the cyber-crime group Evil Corp. Authorities believe that some of the men named in the latest sanctions may have previously worked for the group.
The BBC travelled to Russia in 2021 to try to locate the group and was told by a family member that the sanctions had made them fear for their safety.