Date: 2023-02-09

[Image: Guardian offices. Credit: Matthew Lloyd/Bloomberg]

British companies have been banned from paying ransomware hackers after a spate of attacks on businesses including Royal Mail and the Guardian newspaper.

Foreign Secretary James Cleverly on Thursday unveiled sanctions on seven Russian hackers linked to a gang called Conti, effectively banning any payments to the group.

Thursday’s sanctions are the first of their kind to be specifically targeted against Russian ransomware gang members.

The actions follow a spate of high-profile attacks on businesses and come amid warnings from GCHQ that Russian and Iranian hackers are stepping up actions in Britain.

Ransomware is a type of computer virus that scrambles files on infected devices. Criminals then demand cash in exchange for unlocking the computers.

The Foreign Office revealed that £27m has been extorted out of British businesses by just two strains of ransomware.

Mr Cleverly said: “These cynical cyber attacks cause real damage to people’s lives and livelihoods.

“We will always put our national security first by protecting the UK and our allies from serious organised crime – whatever its form and wherever it originates.”

Around 100 UK organisations have paid a total of £10m in ransoms to the gang behind Conti.

Its UK victims include a forensic science company used by police forces to process crime scene samples, several schools and hospitals, and local councils.

The Conti ransomware gang, linked by the Foreign Office to the seven individuals named on Thursday, caused mayhem in Ireland in 2021 after hacking that country’s state health service.

Hospitals around the country were forced to cancel operations as critical computer systems ground to a total halt, rendering 80pc of the health service's IT networks unusable.

Doctors were left working with pens and paper as they struggled to work around the incident, which eventually cost Irish taxpayers £71m to clean up.

The attack happened after a member of staff unknowingly opened a booby-trapped email containing ransomware code.

The Foreign Office said Conti was disbanded in May last year but has continued operating under a new name. Hacker gangs regularly change their public-facing identities in an effort to evade identification by Western authorities.

Experts say these groups mostly originate from Russia because authorities there turn a blind eye to activities so long as they are not directed against Russians.

A string of major businesses have suffered from cyber attacks in recent weeks, including the Guardian and Royal Mail, though neither has been linked to Conti. Guardian staff were forced to work from home for weeks after the paper’s systems were frozen, while Royal Mail was left unable to deliver international post.

Security Minister Tom Tugendhat added: “Ransomware criminals have hit hospitals and schools, hurt many and disrupted lives, at great expense to the taxpayer.”