Advertisement
General Atomics LB

News

Articles

Information

Resources

Advancing UK Aerospace, Defence, Security & Space Solutions Worldwide
  • Home
  • /
  • Security
  • /
  • Russian ransomware group hit with new sanctions

Security

Russian ransomware group hit with new sanctions

Posted 7 September 2023
A further eleven members of the prolific Conti/Trickbot ransomware group have been exposed and sanctioned by the UK and US, as part of a joint campaign targeting international cyber criminals.

Image courtesy NCA

The US Department of Justice is concurrently unsealing indictments against nine individuals in connection with the Trickbot malware conspiracy and Conti ransomware conspiracy, including seven of the individuals designated today.

Investigations by the NCA and FBI identified that these men, all Russian nationals, were influential members of the group, working as developers, administrators who facilitated payments to the group from ransom funds, and managers who recruited new members from cyber crime forums.

Advertisement
Security & Policing Rectangle

Sanctioned Cyber BlogThe NCA assesses that the group was responsible for extorting at at least £27 million from 149 UK victims. Research by Chainalysis shows that the crime group is responsible for at least $800 million of extortion attacks globally.

The attackers sought to target UK hospitals, schools, local authorities and businesses.

Today’s sanctions have been brought by the FCDO and the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) and are the latest round of designations following the first ever joint UK-US sanctions against seven members of the same group in February this year.

NCA Director General of Operations Rob Jones said: “These sanctions are a continuation of our campaign against international cyber criminals.

“Attacks by this ransomware group have caused significant damage to our businesses and ruined livelihoods, with victims having to deal with the prolonged impact of financial and data losses.

“These criminals thought they were untouchable, but our message is clear: we know who you are and, working with our partners, we will not stop in our efforts to bring you to justice.”

All 18 of these cyber criminals are now subject to travel bans and asset freezes and are severely restricted in their use of the legitimate global financial system.

Assessment and industry reporting show that sanctions have disrupted ransomware operations, including hampering the ability of threat actors to monetise their criminal activities.

As well as disrupting the activities of ransomware criminals via sanctions, the NCA has been working with international partners to target the tools and services that underpin their offending.

Last week, the NCA supported the FBI and DoJ in the takedown of Qakbot malware, which facilitated ransomware attacks and caused millions of pounds worth of damage worldwide.

Over a period of 16 years, Qakbot was used by the Conti group, as well as the criminals behind the ProLock, Egregor, REvil and Black Basta ransomware strains, to steal personal data including banking credentials, from victims.

Although the Conti group disbanded last year, reporting suggests its members, including those sanctioned today, continue to be involved in some of the most notorious new ransomware strains that dominate and threaten UK security.

The group was also one of the first to offer support for Russia’s invasion of Ukraine and key group members highly likely maintain links to the Russian Intelligence Services from whom they have likely received tasking.

Foreign Secretary James Cleverly said: “These cyber-criminals thrive off anonymity, moving in the shadows of the internet to cause maximum damage and extort money from their victims.

“Our sanctions show they cannot act with impunity. We know who they are and what they are doing.

“By exposing their identities, we are dismantling their business models, making it harder for them to target our people, our businesses and our institutions.”

Security Minister Tom Tugendhat said: “These sanctions demonstrate that the UK will crackdown on those trying to hold UK businesses and infrastructure to ransom. We will use our law enforcement agencies to go after the perpetrators and punish their crimes.

“We have the skills and resources to find and unmask criminals who attempt to steal from British businesses, schools and hospitals.

Advertisement
ODU RT

“We will keep working with our partners, like the US, to defeat these threats.”

NCSC CEO Lindy Cameron said: “Alongside this latest round of sanctions, I strongly encourage organisations to proactively obstruct the activities of ransomware operatives by bolstering their online resilience.

“Ransomware continues to be a significant threat facing the UK and attacks can have significant and far-reaching impact.

“The NCSC has published free and actionable advice for organisations of all sizes on how to put robust defences in place to protect their networks.”

The individuals being designated in the UK and US today are:

  • Andrey Zhuykov was a central actor in the group and a senior administrator. Known by the online monikers “Defender”, “Dif” and “Adam”.
  • Maksim Galochkin led a group of testers, with responsibilities for development, supervision and implementation of tests. Known by the online monikers “Bentley”, “Volhvb” and “Max17”
  • Maksim Rudenskiy was a key member of the Trickbot group and was the team lead for coders. Known by the online monikers “Buza”, “Silver” and “Binman”.
  • Mikhail Tsarev was a mid-level manager who assisted with the group's finances and overseeing of HR functions. Known by the online monikers “Mango”, “Frances” and “Khano”.
  • Dmitry Putilin was associated with the purchase of Trickbot infrastructure. Known by the online monikers “Grad” and “Staff”.
  • Maksim Khaliullin was an HR manager for the group. He was associated with the purchase of Trickbot infrastructure including procuring Virtual Private Servers (VPS). Known by the online moniker “Kagas”.
  • Sergey Loguntsov was a developer for the group. Known by the online monikers “Begemot”, “Begemot_Sun” and “Zulas”.
  • Alexander Mozhaev was part of the admin team responsible for general administration duties. Known by the online monikers “Green” and “Rocco”.
  • Vadym Valiakhmetov worked as a coder and his duties included backdoor and loader projects. Known by the online monikers “Weldon”, “Mentos” and “Vasm”.
  • Artem Kurov worked as a coder with development duties in the Trickbot group. Known by the online moniker “Naned”.
  • Mikhail Chernov was part of the internal utilities group. Known by the online monikers “Bullet” and “m2686”.

Guidance for ransomware victims
If you are the victim of a ransomware attack, you should use the UK Government’s Cyber Incident Signposting Site as soon as possible for direction on which agencies to report your incident to.

The Office of Financial Sanctions Implementation has published guidance, which sets out the implications of sanctions in ransomware cases.

Making funds available to the individuals such as paying ransomware, including in cryptoassets, is prohibited under these sanctions.

Organisations should have or should put in place robust cyber security and incident management systems in place to prevent and manage serious cyber incidents.

 

 

 

Advertisement
Babcock LB Babcock LB
Kier Pritchard announced as Ministry of Defence Police Chief Constable

Defence Security

Kier Pritchard announced as Ministry of Defence Police Chief Constable

27 January 2026

Lucy Bogue, Director SJC GUARDIAN, has announced the appointment of Kier Pritchard as Ministry of Defence Police (MDP) Chief Constable following an open selection process.

Blighter to show surveillance radars at World Defense Show

Defence Security Events

Blighter to show surveillance radars at World Defense Show

27 January 2026

Blighter will be attending the World Defense Show in Saudi Arabia from 8th-12th February 2026 to showcase its ITAR-free ground surveillance radars for border security and military base protection.

Heathrow completes £1bn security tech upgrade

Aerospace Security

Heathrow completes £1bn security tech upgrade

26 January 2026

Heathrow has now completed a £1 billion security technology upgrade, becoming the world's largest airport to fully roll out next-gen CT security scanners.

ECS to demo ECS Connect at Security & Policing

Security Events

ECS to demo ECS Connect at Security & Policing

26 January 2026

Enterprise Control Systems (ECS) will be showcasing advanced security and defence solutions at Security & Policing 2026 - taking place 10th-12th March at Farnborough - including the very first public demonstration of the new ECS Connect data link network manager.

Advertisement
ODU RT
NPS to be established as part of police reforms

Security

NPS to be established as part of police reforms

26 January 2026

The UK Government has announced plans to establish a National Police Service (NPS) as part of a proposed range of wider police reforms.

Farnborough International Airshow 2026 unveils new features

Aerospace Defence Security Space Events

Farnborough International Airshow 2026 unveils new features

22 January 2026

The Farnborough International Airshow 2026, returning from 20th to 24th July, will be the largest and most ambitious event in its 78-year history, following record-breaking demand and the addition of a brand-new sixth exhibition hall.

Advertisement
Security & Policing Rectangle
Advertisement
Babcock LB Babcock LB

News

Articles

Information

Resources

© 2026 Advance - All rights reserved

Website by Silkstream

The views expressed are not necessarily those of ADS or its members. No responsibility or liability is accepted by ADS, the editorial team or the publisher for any loss occasioned to any person, legal or physical, acting or refraining from action as a result of any statement, fact, figure, expression of opinion or belief contained within this site.

Advertisement
General Atomics LB