Eleven Members of Russian Cyber Gang Face Asset Freezes and Travel Bans
Ransomware Attacks on Hospitals and Infrastructure Prompt Sanctions
In a significant move aimed at countering the escalating threat of ransomware attacks, UK and US authorities have imposed sanctions on eleven members of a Russian cybercriminal gang responsible for a wave of cyberattacks on critical infrastructure, including hospitals. This coordinated effort comes in response to the gang’s involvement in high-stakes ransomware activities and their intimidation tactics related to the illegal Russian invasion of Ukraine. These sanctions, which include asset freezes and travel bans, were announced today, September 7.
US Department of Justice Unseals Indictments
The US Department of Justice (DOJ) has simultaneously unveiled indictments against seven individuals from the same gang. These measures signal a strong commitment to disrupting the activities of this cybercriminal group, which has wreaked havoc on a global scale.
£27 Million Extorted from UK Victims
The National Crime Agency (NCA) led a comprehensive investigation into the gang, revealing that they extorted at least $180 million from victims worldwide, with £27 million coming from 149 UK victims alone. Their targets included UK hospitals, schools, local authorities, and businesses.
The Designated Individuals
The following individuals have been designated for sanctions in the UK:
- Andrey Zhuykov – A central figure and senior administrator known by the online monikers “Defender,” “Dif,” and “Adam.”
- Maksim Galochkin – Led a team of testers responsible for the development and implementation of tests, using online monikers “Bentley,” “Volhvb,” and “Max17.”
- Maksim Rudenskiy – A key member of the Trickbot group who led the coding team, identified by the online monikers “Buza,” “Silver,” and “Binman.”
- Mikhail Tsarev – A mid-level manager handling finances and HR functions, using online aliases “Mango,” “Fr*ances,” and “Khano.”
- Dmitry Putilin – Associated with the purchase of Trickbot infrastructure, recognized online as “Grad” and “Staff.”
- Maksim Khaliullin – Managed HR for the group and was involved in the procurement of infrastructure, including Virtual Private Servers (VPS); known online as “Kagas.”
- Sergey Loguntsov – A developer for the group, using online monikers “Begemot,” “Begemot_Sun,” and “Zulas.”
- Alexander Mozhaev – Part of the admin team handling general administration duties, recognized as “Green” and “Rocco.”
- Vadym Valiakhmetov – Worked as a coder, focusing on backdoor and loader projects, using online aliases “Weldon,” “Mentos,” and “Vasm.”
- Artem Kurov – Another coder with development duties within the Trickbot group, known as “Naned.”
- Mikhail Chernov – Part of the internal utilities group, recognized by online monikers “Bullet” and “m2686.”
Sanctions Coordination with the US
This joint effort with the United States sends a powerful message to cyber threat actors, indicating that their illicit activities will not go unchecked. The sanctions are intended to disrupt their criminal business models, making it more challenging for them to target individuals, businesses, and institutions.
Exposing the Cyber Criminals
UK Foreign Secretary James Cleverly emphasized that these cyber criminals had thrived on anonymity but would no longer operate with impunity. By exposing their identities, the UK and US aim to disrupt their operations and protect their citizens and institutions from future attacks.
Ransomware and Support for Russia’s Invasion
Several of the individuals facing sanctions played significant roles within the gang. In addition to their ransomware activities, they offered support for Russia’s invasion of Ukraine, maintaining links with the Russian Intelligence Services.
Strong Words from UK Officials
Deputy Prime Minister and Secretary of State in the Cabinet Office Oliver Dowden emphasized the UK’s commitment to protecting national security, while Security Minister Tom Tugendhat assured that the UK would use its law enforcement agencies to track down and punish cyber criminals.
NCA’s Determination to Bring Justice
NCA Director General of Operations Rob Jones underlined that these sanctions marked a continuation of the campaign against international cyber criminals. He pointed out the significant damage inflicted by this ransomware group on businesses and individuals, vowing not to stop until justice was served.
Lindy Cameron, CEO of the National Cyber Security Centre (NCSC), encouraged organizations to bolster their online resilience against ransomware operatives. Ransomware remains a substantial threat, and the NCSC provides free and actionable advice for organizations of all sizes on how to enhance their network defenses.
Commitment to Crack Down on Cyber Criminals
Today’s sanctions announcement underscores the UK’s unwavering commitment to cracking down on cyber criminals. It builds upon previous joint UK-US sanctions against ransomware actors earlier this year, bringing the total number of group members sanctioned to 18.