Cybersecurity

U.S., U.K. sanction Russian hackers in ransomware attacks

The sanctions are the latest effort by Western nations to crack down on Russian hacking operations.


The United States and the United Kingdom on Thursday jointly sanctioned seven Russian government-linked hackers tied to ransomware attacks against critical infrastructure in the U.S., U.K. and Ukraine.

Big picture: The sanctions are the latest effort by Western nations to crack down on Russian hacking operations, which have surged in the past year as a result of the Russian invasion of Ukraine and heightened tensions with the West.

The seven Russian individuals sanctioned — Vitaly Kovalev, Maksim Mikhailov, Valentin Karyagin, Mikhail Iskritskiy, Dmitry Pleshevskiy, Ivan Vakhromeyev and Valery Sedletski — were all alleged by the U.S. Treasury Department to be members of the Russia-based cybercriminal group Trickbot. They are alleged to be behind attacks on critical infrastructure, including hospitals in both the U.S. and the U.K. during the Covid-19 pandemic, and are associated with Russian intelligence services.

Geopolitical links: In addition, IBM last year linked Trickbot to cyberattacks in 2022 that were tied to the war and aimed at both the Ukrainian government and private sector groups. According to the Treasury Department, the group has also allegedly targeted the U.S. government and U.S. companies.

“The United States and the U.K. are leaders in the global fight against cybercrime and are committed to using all available tools to defend against cyber threats,” Secretary of State Antony Blinken said in a statement Thursday. “As Russia’s illegal war against Ukraine continues, cooperation with our allies and partners is more critical than ever to protect our national security.”

British attacks: The U.K.’s National Crime Agency identified almost 150 British victims of ransomware linked to Russian cybercriminal groups. And the action taken Thursday is part of an effort to shut down ransomware attacks aimed at the U.K., which are classified there as a “tier 1 national security threat.”

British Foreign Secretary James Cleverly said in a statement Thursday that “by sanctioning these cyber criminals, we are sending a clear signal to them and others involved in ransomware that they will be held to account.”

Past disruption efforts: The hackers associated with Trickbot have continued their activities despite Microsoft taking action in 2020 ahead of the U.S. presidential election to disrupt the group through actions including suspending IP addresses. Whether the new sanctions will be able to permanently damage the group remains unclear.

“These sanctions will likely cause disruption to the adversary’s operations while they look for ways to circumvent the sanctions,” Adam Meyers, head of threat intelligence at cybersecurity group CrowdStrike, said in a statement Thursday. “Often, when cybercriminal groups are disrupted, they will go dark for a time only to rebrand under a new name.”