US and UK accuse 11 Russians of leading cybercrime ring that attacked hospitals around the world

The Justice Department has charged 11 Russian men in connection with a group of hackers behind some of the world’s biggest cyberattacks, including destructive hacks against major hospital chains.

In simultaneous statements announcing sanctions against the men, the US Treasury Department and the UK government publicly stated that the alleged cybercriminals had explicit ties to Russian intelligence.

In a series of three indictments unveiled on Thursday, the Justice Department accused the 11 men of helping run Conti, one of the most notorious ransomware gangs, and developing Trickbot, malware that Conti used to gain access to victims’ computer networks.

Scripps Mercy Hospital in San Diego. (Google Maps)

Ransomware is a type of cybercrime in which hackers encrypt victims’ computer systems, rendering them unusable, and then demand a ransom payment for a key to repair the damage. Many ransomware groups also steal their victims’ personal data and threaten to publish it online if they are not paid.

The announcement is the first public action taken by a government against Conti, which since 2020 has hacked and extorted major organizations, including Western governments, with apparent impunity. Conti’s victims included the San Diego area hospital chain Scripps Health and Ireland’s national healthcare system in 2021, as well as Costa Rica’s tax collection system last year, prompting the country to declare a state of emergency.

Cybersecurity experts have long inferred links between Russia’s thriving cybercrime scene, where hackers attacking foreign targets appear to operate with impunity, and Russian security services. Thursday’s announcements were sparse as the US and UK made the accusations explicit.

The UK sanctions announcement says Conti was “one of the first to offer support for Russia’s invasion of Ukraine, maintaining ties and receiving assignments from Russian intelligence services.”

The Treasury Department said the developers of Trickbot had “ties to Russian intelligence.”

The Russian Foreign Ministry did not respond to an email seeking comment.

The Russian Constitution prohibits the extradition of its citizens. There is therefore little chance that these men will be arrested if they remain in the country.

Earlier this year, US intelligence discovered that a group of Russian hackers who had gained access to a Canadian gas infrastructure company were taking orders from Russian FSB managers, according to a top-secret memo leaked online.

Brett Callow, an analyst at ransomware recovery firm Emsisoft, said Conti was the second most prolific ransomware group targeting hospitals and tended to prey on large hospital chains and governments around the world in the hope of getting a big payout.

“I guess it’s because they found that attacks against those sectors had above-average ROI,” Callow said.