The Foreign Affairs Council has adopted sanctions against six Russian individuals responsible for serious cyber operations that have caused widespread damage in the EU, including bank hacks and ransomware attacks on the healthcare sector. Two of them are leading figures in the cybercrime circuit. Thanks to close cooperation between the Ministry of Foreign Affairs, the Ministry of Justice and Security, the Public Prosecution Service and the police, they can now be sanctioned by the EU.
With these sanctions the EU has taken an important step towards a safer cyber domain. Because alongside cyber espionage and cyber sabotage, for the first time the EU is now also tackling cybercriminals who cause serious damage to our society for the sake of financial gain. Not only will these criminals now have to suffer the personal consequences of their malicious behaviour, but individuals and entities that do business with them are also targeted. Through effective expertise and knowledge sharing between the Ministry of Foreign Affairs, the Public Prosecution Service and the police, the Netherlands has been able to make a unique and important contribution to sanctioning within the EU. The Netherlands hopes that this approach will also inspire other member states, so that the EU can be even more effective in fighting cybercrime.
As a result of the sanctions, these individuals’ assets in the EU will be frozen, they will no longer be able to enter the EU, and transactions with them will be prohibited. This means that it will be against the law for EU citizens and companies to cooperate and do business with these prominent cybercriminals, directly or indirectly. The purpose of these measures, aimed at both the individuals concerned and their clients, is to deter and combat cybercrime. These sanctions will also send a clear signal to states that provide safe havens to cybercriminals, allowing them to operate without impunity.
Under the cyber sanctions regime established in 2019, sanctions have been imposed on 14 individuals and four entities from Russia, China and North Korea since 2020. These individuals and entities are responsible for cyberattacks on such institutions as the Organisation for the Prohibition of Chemical Weapons (OPCW), the German Bundestag, banks and hospitals.
The sanctions regime currently explicitly targets individuals and entities, not states. The Netherlands considers it important that the EU also has the tools to take more effective action against states that exhibit malicious cyber behaviour. That’s why the Netherlands is working with other member states to explore how the EU’s cyber sanctions toolbox can be strengthened further.