In coordination with the US, the UK government has placed financial and travel sanctions on 7 Russian cyber criminals.

  • Vitaliy Kovalev
  • Valery Sedletski
  • Valentin Karyagin
  • Maksim Mikhailov
  • Dmitry Pleshevskiy
  • Mikhail Iskritskiy
  • Ivan Vakhromeyev

The Foreign, Commonwealth and Development Office (FCDO) has imposed travel bans and frozen the assets of the seven Russian nationals in connection to ransomware which has been used to attack UK infrastructure, and international targets.

Attacks specifically targeted organisations that were expected pay the most money, and attacks were timed to cause maximum damage, even targeting hospitals during the pandemic.

Several Ransomware groups including Conti, which itself extorted $180 million in ransomware in 2021; have been responsible for the continuing development and deployment of malware targeting the UK.

The National Crime Agency (NCA) has identified 149 British victims who had been affected by strains of ransomware linked to the seven sanctioned individuals, which were responsible for extorting an estimated £27m million. 104 UK victims of the Conti strain paid approximately £10 million, while 45 victims of the Ryuk strain paid around £17 million.

Conti was one among the first cybercrime groups to back Russia’s war in Ukraine, Confirming support for the Kremlin in the 24 hours of Putin’s “Special Military Operation”.

Although apparently disbanding in 2022, members of Conti group continue to be involved in new ransomware strains which are viewed as a Tier 1 threat to UK security; targeting hospitals, schools, universities, forensic laboratories, businesses, and local authorities. Victims included Ireland’s Health Service Executive, which led to disruptions to blood tests, x-rays, CT scans, radiotherapy and chemotherapy treatment.

The National Cyber Security Centre (NCSC), has assessed that:

  • it is almost certain that the Conti group were primarily financially motivated and chose their targets based on the perceived value they could extort.
  • key members are linked to the Russian Intelligence Services from whom they have likely received tasking. The targeting of certain organisations, such as the International Olympic Committee, which aligns with Russian state objectives.
  • it is highly likely that the group evolved from previous cyber organised crime groups and have extensive links to other cyber criminals, notably EvilCorp and those responsible for Ryuk ransomware.

National Crime Agency Director-General Graeme Biggar said:

This is a hugely significant moment for the UK and our collaborative efforts with the US to disrupt international cyber criminals.

The sanctions are the first of their kind for the UK and signal the continuing campaign targeting those responsible for some of the most sophisticated and damaging ransomware that has impacted the UK and our allies. They show that these criminals and those that support them are not immune to UK action, and this is just one tool we will use to crack down on this threat and protect the public.

NCSC Chief Executive Officer Lindy Cameron said:

Ransomware is the most acute cyber threat facing the UK, and attacks by criminal groups show just how devastating its impact can be.

The NCSC has advised that it is vital organisations take immediate steps to limit their risk by following the NCSC’s advice on how to put robust defences in place to protect their networks.

Victims of ransomware attacks should use the UK government’s Cyber Incident Signposting Site as soon as possible after an attack.

For help and advice about securing your own business, give us a call on 020 3947 5799, or email me at