Russia: cybercrime and co-ordinated sanctions action

28 Feb 2023International

Angelika Hellweger considers the issues involved in the US and UK's sanctioning of Russian cyber criminals

On February 9, seven individuals of the Russian cybercrime group Trickbot were added to the consolidated list under The Cyber (Sanctions) (EU Exit) Regulations 2020.

Trickbot was one of the first cybercrime groups to back Russia's war in Ukraine, according to the National Crime Agency (NCA). The individuals, who are all Russian, have been sanctioned for their involvement in cyberactivity “intended to undermine the integrity of the UK and other countries, or cause economic loss/prejudice to commercial interests’’.

Trickbot's malicious software has been considered one of the internet’s biggest security threats, capable of stealing financial data, moving across networks and planting ransom software. The US Treasury had accused Trickbot of launching ransomware attacks on US hospitals at the height of the coronavirus pandemic in 2020.

The NCA has said that the action against Trickbot individuals was the first sanctions deployment of its kind against cybercriminals and represented the first stage of new coordinated UK-US action against such groups. Both countries have imposed the sanctions.

Although Trickbot's malicious software hasn't been used in two years, the individuals behind it are reportedly still active and collaborating. Some cybercrime experts have argued that Trickbot's activities may have been taken over by another ransomware group, called Conti. Both Trickbot and Conti have been accused by the UK and US of being linked to the Russian intelligence services.

This is the first time that the UK has imposed cybercrime sanctions on ransomware suspects. The action comes just as the UK’s Office of Financial Sanctions Implementation (OFSI) published its guidance on ransomware and sanctions guidance.

Taken together, these two factors indicate an increased determination to identify and sanction those believed to be perpetrating cybercrime. They also highlight the increased international cooperation between enforcement authorities when it comes to ransomware crimes and those who carry them out. The action against the Trickbot individuals came just two weeks after German, Dutch and US authorities worked together to penetrate and shut down another ransomware group called Hive that had targeted schools and hospitals.

While sanctions can limit people's ability to travel internationally, they cannot help with their arrest if they are in a country that permits them to operate and remain there. Therefore, the sanctions against the Trickbot individuals are unlikely to prevent them from laundering the proceeds of their crimes. There is also little prospect of them stopping their criminal activity. They may go ‘underground’ for a while to avoid any immediate attention. But they can be expected to re-emerge later to carry on their activities, although this may be done under a new identity.

Because of these factors, sanctions may convince some criminals to leave the group that is the subject of the sanctions, but they won't be able to significantly lessen the threat or allure of ransomware on their own. As the sanctions were imposed only on individuals, not the group, it would be difficult to determine if any one of them would receive a cut of a ransom.

This also means that ransomware victims could, in theory, still pay a ransom to the group without breaching any regulations, as long as they do not transact with sanctioned persons. Although the UK Treasury has previously warned that paying ransoms may fall foul of sanctions, it is reportedly keen to avoid potentially ‘re-victimising’ hacking targets by making ransomware payments illegal.

It is significant that Russia already appears to have reacted to this joint US-UK action. The Russian government reportedly wants to decriminalise hacking and is exploring the idea of absolving Russian hackers of criminal liability wherever they are based, providing the hacking is carried out in the interests of the Russian state.

Angelika Hellweger is legal director at Rahman Ravelli rahmanravelli.co.uk

Legal News desk contact: editorial@solicitorsjournal.com

Government scraps audit reform

What the collapse of the Audit Reform Bill means for regulation, accountability and legal practice

Sewage pollution litigation after Manchester Ship Canal

How the Supreme Court’s ruling is reshaping nuisance claims, protest litigation and regulatory limits across England and Wales

FCA non-financial misconduct rules clarified

The FCA’s final guidance on non-financial misconduct offers clarification, but leaves firms grappling with judgement-heavy implementation

Judiciary launches new diversity strategy initiative

The judiciary's new strategy aims to enhance diversity in the UK judicial system over five years

Personal injury claims numbers plummet dramatically

The number of personal injury claims in the UK has hit unprecedented lows, especially motor injury claims

Government urged to review legal costs

A senior costs lawyer has called for an independent review of fixed costs in the legal industry, highlighting the detrimental impact on firms and access to justice.

Building Safety Act litigation redefines investor risk

Recent case law shows how courts and tribunals are extending Building Safety Act liabilities beyond what investors originally anticipated

US musicians lose challenge over UK performers' rights restrictions

High Court rules treaty obligations non-justiciable in domestic law without parliamentary incorporation.

Actinon PTE Limited v Char Biocarbon Inc: Affirmation and contractual obligations

Commercial dispute highlights principles of waiver by election and contract interpretation

Matthew Haydon v R: Court of Appeal clarifies "likely" in explosive substances offences

Court confirms "likely" means "could well happen" rather than "more probable than not"

Cloisters Business Centre v Anvari: mixed-use premises and service charge protection

Court confirms tenants of mixed-use properties qualify for statutory service charge controls.

NHS commissioning activities fall outside TUPE protection, Court of Appeal rules

Employment law case clarifies when healthcare reorganisations trigger transfer protections for staff.

BTR Core Fund v HMRC: Upper Tribunal clarifies overpayment relief exclusions

Stamp duty land tax overpayment relief and the meaning of "mistake in a claim"

Court of Appeal rules criminal earnings count as income for ESA purposes

Criminal activity constitutes work and generates income for benefits assessment purposes.

Alpha Anne v Great Ormond Street Hospital: Indirect discrimination and TUPE transfers

Post-transfer pay disparity constitutes unlawful indirect race discrimination despite TUPE complications.

SJ Interview: Joelle Grogan

Dr Joelle Grogan is a legal scholar specialising in the rule of law in times of crisis. She presents The Law Show on BBC Radio 4, and is Co-Academic Director of the Rule of Law Clinic at the CEU Democracy Institute (Budapest), and a Senior Research Fellow at the UCD Sutherland School of Law. Her work focuses on constitutional accountability, emergency powers, and legal misinformation. In this interview, she examines the pressures facing the rule of law in the UK, from executive power and court delays to media narratives, emergencies, and the impact of AI on legal practice.

AI in Law: responsibility never delegated

As AI becomes routine in legal practice, regulators and courts insist accountability stays firmly with the human professional