Heimdal

As part of a new coordinated action against international cybercrime, the UK and the US have sanctioned seven Russian cyber criminals today (Thursday, 9 February).

These individuals have developed or deployed several ransomware strains that have targeted the UK and US.

By sanctioning these cyber criminals, we are sending a clear signal to them and others involved in ransomware that they will be held to account. These cynical cyber attacks cause real damage to people’s lives and livelihoods. We will always put our national security first by protecting the UK and our allies from serious organized crime – whatever its form and wherever it originates.

Foreign Secretary James Cleverly.

Ransomware criminals deliberately target the systems of organizations that they believe will pay them the most money, and time their attacks to cause the most damage, including hospitals amid a pandemic.

Groups such as Wizard Spider, UNC1878, Gold Blackburn, Trickman, and Trickbot developed and deployed Trickbot, Anchor, BazarLoader, and BazarBackdoor, in addition to the ransomware strains Conti and Diavol. They are also involved in the distribution of the Ryuk ransomware.

At least £27 million was extorted by the ransomware strains Conti and Ryuk, which affected 149 UK individuals and businesses. Approximately £10 million was paid to the 104 UK victims of the Conti strain, while about £17 million was paid to the 45 UK victims of the Ryuk strain.

Conti was responsible for attacks on hospitals, schools, businesses, and local governments, including the Scottish Environment Protection Agency. According to Chainalysis research, the Conti group extorted $180 million in ransom payments in 2021 alone.

Conti was one of the first cybercrime organizations to support Russia’s war in Ukraine, expressing their support for the Kremlin within 24 hours of the invasion.

Although the Conti ransomware group disbanded in May 2022, reports indicate that members of the group are still involved in some of the most notorious new ransomware strains that dominate and threaten UK security.

We’re targeting cyber criminals who have been involved in some of the most prolific and damaging forms of ransomware. Ransomware criminals have hit hospitals and schools, hurt many and disrupted lives, at great expense to the taxpayer. Cyber crime knows no boundaries and threatens our national security. These sanctions identify and expose those responsible.

Security Minister Tom Tugendhat.

Ransomware criminals have targeted hospitals, a forensic lab, local authorities, and several schools and universities in the UK. Last year, the Costa Rican government was also attacked.

During the COVID pandemic, Ireland’s Health Service Executive was targeted by ransomware actors, disrupting blood tests, x-rays, CT scans, radiotherapy, and chemotherapy appointments.

In 2021, a Harrogate-based transportation and cold storage company was also attacked by ransomware.

In collaboration with partners, the NCA has conducted a complex, large-scale, and ongoing investigation to disrupt the ransomware threat to the UK.

National Crime Agency Director-General Graeme Biggar said:

This is a hugely significant moment for the UK and our collaborative efforts with the US to disrupt international cyber criminals. The sanctions are the first of their kind for the UK and signal the continuing campaign targeting those responsible for some of the most sophisticated and damaging ransomware that has impacted the UK and our allies. They show that these criminals and those that support them are not immune to UK action, and this is just one tool we will use to crack down on this threat and protect the public.

The UK and US will continue to expose these cyber criminals and crack down on their activities. These sanctions mark the start of a coordinated campaign against ransomware actors.

The National Cyber Security Centre (NCSC), which is part of GCHQ, said that, almost certainly, the Conti group chose their targets based on the perceived value they could extract from them.

Several group members have strong ties to the Russian Intelligence Services from which they likely receive tasks. In addition, targeting specific organizations, such as the International Olympic Committee, almost certainly aligns with Russian state goals.

This group likely evolved from previous cyber organized crime groups and has extensive links to other cybercriminals, including EvilCorp and those behind Ryuk ransomware.

Ransomware victims should use the UK government’s Cyber Incident Signposting Site immediately following an attack.

On February 9th, the UK’s Office of Financial Sanctions Implementation (OFSI) also released new public guidance outlining the implications of these new sanctions in ransomware cases.

How Can Heimdal® Help You Against Ransomware Attacks?

As part of its outstanding integrated cybersecurity suite, Heimdal provides Ransomware Encryption Protection, which is universally compatible with any antivirus solution and 100% signature-free, ensuring superior detection and remediation of all types of ransomware.

Also, if you want to learn more about ransomware, how it spreads, what the main attack vector is in a ransomware attack, and how to prevent and mitigate it, feel free to read the in-depth articles we created for you so you can protect your organization.

Author Profile

Gabriella Antal

SMM & Corporate Communications Officer

Gabriella is the Social Media Manager and Cybersecurity Communications Officer at Heimdal®, where she orchestrates the strategy and content creation for the company's social media channels. Her contributions amplify the brand's voice and foster a strong, engaging online community. Outside work, you can find her exploring the outdoors with her dog.
