Seven Russians have been accused by the UK and US for being related to ransomware attacks.
The UK’s Foreign Office, along with US authorities, has released pictures of the men, frozen their assets and imposed travel restrictions.
US authorities have accused them of being members of loosely defined Russian-based hacking network Trickbot.
Ransomware strains Conti and Ryuk extorted at least £27m in ransoms from 149 British victims.
“This is a hugely significant moment for the UK and our collaborative efforts with the US to disrupt international cyber-criminals,” said National Crime Agency director general Graeme Biggar.
“The sanctions are the first of their kind for the UK and signal the continuing campaign targeting those responsible for some of the most sophisticated and damaging ransomware that has impacted the UK and our allies,” he said.
Mikhail Iskritskiy also known as Tropa and Valery Sedletski aka Strix are on the new cyber sanctions list.
The National Cyber Security Centre, a part of GCHQ, has assessed that key group members have strong links to the Russian intelligence services from which they are sometimes directed.
The UK government categorises ransomware as a tier one national security threat with recent victims including UK schools, local authorities and firms.
The individuals sanctioned are: Vitaliy Kovalev, Valery Sedletski, Valentin Karyagin, Maksim Mikhailov, Dmitry Pleshevskiy, Mikhail Iskritskiy and Ivan Vakhromeyev.
The group behind the Conti strain has targeted hospitals, schools, businesses and local authorities, including the Scottish Environment Protection Agency. It extorted $180m (£148m) in ransomware in 2021 alone.
Ireland’s Health Service Executive was targeted by Conti ransomware actors during the Covid pandemic, leading to disruption to blood tests, X-rays, CT scans, radiotherapy and chemotherapy appointments over 10 days.
Another recent ransomware attack included Harrogate-based transportation and cold storage firm Reed Boardall, whose IT systems were under attack for nearly a week in 2021.
Although Conti disbanded in 2022, its members are thought to have continued their attacks under different guises.
Russia has for years denied that it is harbouring ransomware hackers, but cyber-security experts say there is compelling evidence that many of the criminal groups are coordinated from the country.
Many of the gangs operate on Russian-language forums, there are fewer attacks on Russian organisations, and the frequency of hacks dips during Russian public holidays.
The latest sanctions follow multinational efforts to disrupt ransomware crews, most recently by sabotaging the Hive ransomware crew and taking them offline.
© Times of Ukraine