Eleven members of a Russian hacking gang that supported Vladimir Putin’s invasion of Ukraine and targeted UK hospitals during the COVID pandemic have been hit with sanctions.
The Trickbot group extorted at least $180m (£145m) across the world, including at least £27m from 149 victims in the UK, where it targeted schools, councils and businesses, according to the National Crime Agency (NCA).
The gang is accused of infecting millions of computers worldwide with malware.
It also offered support for Russia’s conflict in Ukraine and key members are believed to maintain links to Russian intelligence services from whom they have likely received instructions, the Foreign Office said.
The gang also threatened those who opposed the Kremlin’s invasion, according to the government department.
The UK and US on Thursday imposed sanctions on 11 of its members.
NCA Director General of Operations Rob Jones said: “These sanctions are a continuation of our campaign against international cyber criminals.
“Attacks by this ransomware group have caused significant damage to our businesses and ruined livelihoods, with victims having to deal with the prolonged impact of financial and data losses.
“These criminals thought they were untouchable, but our message is clear: we know who you are and, working with our partners, we will not stop in our efforts to bring you to justice.”
Who are the hackers hit with sanctions?
:: Andrey Zhuykov was a central actor in the group and a senior administrator. Known by the online monikers “Defender”, “Dif” and “Adam”.
:: Maksim Galochkin led a group of testers, with responsibilities for development, supervision and implementation of tests. Known by the online monikers “Bentley”, “Volhvb” and “Max17”.
:: Maksim Rudenskiy was a key member of the Trickbot group and was the team lead for coders. Known by the online monikers Buza, Silver and Binman.
:: Mikhail Tsarev was a mid-level manager who assisted with the group’s finances and overseeing of HR functions. Known by the online monikers Mango, Frances and Khano.
– Dmitry Putilin was associated with the purchase of Trickbot infrastructure. Known by the online monikers Grad and Staff.
:: Maksim Khaliullin was an HR manager for the group. He was associated with the purchase of Trickbot infrastructure including procuring Virtual Private Servers (VPS). Known by the online moniker Kagas.
:: Sergey Loguntsov was a developer for the group. Known by the online monikers Begemot, Begemot_Sun and Zulas.
:: Alexander Mozhaev was part of the admin team responsible for general administration duties. Known by the online monikers Green and Rocco.
:: Vadym Valiakhmetov worked as a coder and his duties included backdoor and loader projects. Known by the online monikers Weldon, Mentos and Vasm.
:: Artem Kurov worked as a coder with development duties in the Trickbot group. Known by the online moniker Naned.
– Mikhail Chernov was part of the internal utilities group. Known by the online monikers “Bullet” and “m2686”.
It comes after seven members of the same group were hit with sanctions in February.
All 18 are now subject to travel bans and asset freezes as well as being restricted in their use of the legitimate global financial system.
Read more from Sky News:
Russia-linked cyber attack groups ‘want to destroy’ UK’
Microsoft reveals extent of attacks by Russian hackers on Ukraine allies
While largely symbolic, given the sanctions already imposed on Russia and the unlikelihood of hackers based there, officials say they can make it harder for them to launder money.
US officials have indicted nine people, including seven of the latest group to be sanctioned, tied to the gang’s malware and the Conti ransomware schemes.
Foreign Secretary James Cleverly said: “These cyber-criminals thrive off anonymity, moving in the shadows of the internet to cause maximum damage and extort money from their victims.
Be the first to get Breaking News
Install the Sky News app for free
“Our sanctions show they cannot act with impunity. We know who they are and what they are doing.
“By exposing their identities, we are dismantling their business models, making it harder for them to target our people, our businesses and our institutions.”