US and UK sanction Conti, Ryuk, and Trickbot developers


The US and UK governments have jointly sanctioned seven Russian nationals suspected of being behind several malware strains, including Ryuk, Conti, and Trickbot.

The coordinated action from Washington and London targets Russian nationals Vitaly Kovalev, Maksim Mikhailov, Valentin Karyagin, Mikhail Iskritskiy, Dmitry Pleshevskiy, Ivan Vakhromeyev, and Valery Sadletski.

According to the UK’s Foreign, Commonwealth & Development Office (FCO), the seven cybercriminals are responsible for developing and deploying a range of ransomware strains that targeted the US and UK.

The British authorities said that the sanctioned individuals have been “involved with some of the most prolific and damaging forms of ransomware.”

“Ransomware groups known as Conti, Wizard Spider, UNC1878, Gold Blackburn, Trickman, and Trickbot have been responsible for the development and deployment of: Trickbot, Anchor, BazarLoader, BazarBackdoor as well as the ransomware strains Conti and Diavol. They are also involved in the deployment of Ryuk ransomware,” reads the FCO’s statement.

According to the US Department of the Treasury, several sanctioned individuals are behind the Trickbot malware. The group is linked to the Russian Intelligence Services, as the group’s operations aligned with Russia’s state objectives in 2020, including the targeting of the US government and businesses.

All seven individuals will have their property and assets frozen and are prohibited from any dealings with US citizens or within the US. The Russian nationals also receive a travel ban, preventing them from travelling to any ally of the US and UK.

“The sanctions are the first of their kind for the UK and signal the continuing campaign targeting those responsible for some of the most sophisticated and damaging ransomware that has impacted the UK and our allies,” Graeme Biggar, UK’s National Crime Agency Director-General, said.

American authorities believe that Kovalev (nickname Bentley, Ben) was a top figure in the Trickbot group and has committed crimes against US financial institutions since 2009.

Mikhailov (Baget) is believed to be a developer in the Trickbot group; Iskritskiy (Tropa) laundered money for the group; Vakhromeyev (Mushroom) managed the group’s activities; and Sadletski (Strix) ran the gang’s servers.

According to the US Treasury, Karyagin (Globus) developed several ransomware strains and other malware. Pleshevskiy (Iseldor) injected malicious code around the web to steal victims’ credentials.