Home US, UK, and Australia sanction 16 members of major cybercrime gang Evil Corp

US, UK, and Australia sanction 16 members of major cybercrime gang Evil Corp

TLDR

  • US, UK, and Australia sanctioned 16 members of the Evil Corp cybercrime group.
  • Group allegedly extorted $300 million using ransomware like BitPaymer and Dridex.
  • Sanctions target leaders and associates, including Maksim Yakubets and Aleksandr Ryzhenkov.

The United States, the United Kingdom, and Australia have announced sanctions against 16 people authorities accused of being part of the most wanted cybercrime gang in the world. The Moscow-based cybercrime group, Evil Corp, is accused of extorting at least $300 million from global victims, including those in healthcare, critical national infrastructure, government, and other sectors.

The UK’s National Crime Agency (NCA) has stated that the alleged leader of the gang is Maksim Yakubets, who was supported by his father, Viktor Yakubets. They have been indicted and sanctioned, along with several other members, including one of the group’s administrators, Igor Turashev, in the US.

The information was released as part of a large multinational operation aimed at disrupting Evil Corp and another notorious hacking group, LockBit.

Evil Corp officially formed as a “Mafia style” crime group a decade ago. The NCA states that they were responsible for the development and distribution of BitPaymer and Dridex, which they used to target banks and financial institutions in over 40 countries, stealing over $100 million.

In 2019, Maksim Yakubets and Igor Turashev were sanctioned and had a $5 million bounty for his arrest by the US Department of Justice.

Other Russian individuals, including Yakubets’ brother Artem, were also named as part of the US sanctions and designations.

The UK also sanctioned Yakubets’ father-in-law, Eduard Benderskiy, a former high-ranking FSB official, and others who were key to enabling Evil Corp’s criminal activity.

Evil Corp links to LockBit

The US Treasury Department’s Office of Foreign Assets Control announced that Russian national Aleksandr Viktorovich Ryzhenkov, Yakubets’ right-hand man, was added to its list of specially designated nationals. He is accused of using BitPaymer ransomware to target victims across the country.

The designation blocks property and interests in any property the designee may have in the United States and prohibits US financial institutions from engaging in certain transactions and activities with the designated individual.

Yakubets reportedly worked closely with Ryzhenkov to develop some of the group’s most prolific ransomware strains. NCA investigators, analyzing data obtained from the group’s own systems as part of Operation Cronos, found that he had been involved in LockBit ransomware attacks against numerous organizations. ReadWrite reported on one such ransomware attack last November when it targeted Boeing.

James Babbage, NCA Director General for Threats, stated: “The action announced today has taken place in conjunction with extensive and complex investigations by the NCA into two of the most harmful cybercrime groups of all time.”

UK Foreign Secretary, David Lammy, added: “Today’s sanctions send a clear message to the Kremlin that we will not tolerate Russian cyber-attacks – whether from the state itself or from its cyber-criminal ecosystem.”

While FBI Deputy Director Paul Abbate said: “Today’s indictment delivers a clear message to those who engage in cyber-criminal activity – you will face severe consequences for your illicit activities and will be held accountable under the law.”

Featured image: Ideogram

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech industry for major developments, new product launches, AI breakthroughs, video game releases and other newsworthy events. Editors assign relevant stories to staff writers or freelance contributors with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

Suswati Basu
Tech journalist

Suswati Basu is a multilingual, award-winning editor and the founder of the intersectional literature channel, How To Be Books. She was shortlisted for the Guardian Mary Stott Prize and longlisted for the Guardian International Development Journalism Award. With 18 years of experience in the media industry, Suswati has held significant roles such as head of audience and deputy editor for NationalWorld news, digital editor for Channel 4 News and ITV News. She has also contributed to the Guardian and received training at the BBC As an audience, trends, and SEO specialist, she has participated in panel events alongside Google. Her…

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.