TLDR
- Evil Corp, a Russia-based cybercrime group, faces sanctions from US, UK, and Australia
- Group responsible for over $100 million stolen from banks across 40+ countries
- Potential links between Evil Corp and LockBit ransomware group discovered
- Evil Corp members have alleged connections to Russian state entities, including FSB
- International law enforcement efforts intensifying against the group
The United States, United Kingdom, and Australia have jointly imposed sanctions on key members of Evil Corp, a Russia-based cybercrime syndicate.
This group is allegedly responsible for widespread financial theft and ransomware attacks that have resulted in over $100 million stolen from hundreds of banks and financial institutions across more than 40 countries.
Evil Corp is known for developing and distributing the Dridex malware, which infects computers and harvests login credentials.
The U.S. Department of Justice has also unsealed an indictment charging an Evil Corp member with deploying BitPaymer ransomware against victims in the United States.
Recent findings from blockchain analysis firm Chainalysis suggest a potential overlap between Evil Corp and another cybercriminal group, LockBit.
On-chain data indicates that ransomware strains associated with Evil Corp and cryptocurrency clusters linked to Lockbit have used the same deposit addresses at centralized exchanges.
This information aligns with previous reports that Evil Corp may have used LockBit to rebrand and distance itself from sanctioned entities.
The Chainalysis report also highlights that several members of Evil Corp are related, indicating close internal ties. Maksim Victorovich Yakubets, the leader of Evil Corp, has been noted by the U.S. Treasury Department for his alleged work with Russia’s Federal Security Service (FSB) and efforts to obtain a license to handle classified information.
Other designated individuals include his father, Viktor Yakubets, and father-in-law, Eduard Benderskiy, a former FSB officer. These connections suggest potential links between the cybercrime group and Russian state agencies.
Corey Petty, a cybersecurity professional, explained that using cryptocurrency for ransom payments forms “the backbone of ransomware’s efficacy.”
He noted that while blockchains offer transparency and immutability, which may be perceived as beneficial for criminals, they also allow anyone to track the flow of funds.
Law enforcement agencies across multiple countries have taken coordinated actions to disrupt Evil Corp’s operations.
Arrests and seizures have occurred in various nations, including the apprehension of a suspected LockBit developer by French authorities and the seizure of servers associated with LockBit’s ransomware infrastructure by Spanish officers.
The sanctions against Evil Corp come amid growing concerns about the use of cryptocurrency for illicit activities. A recent report from the UK’s National Crime Agency found that as much as $5.1 billion worth of illicit crypto transactions are linked to the country every year, with both digital and crypto-related crime on the rise.
In a separate but related development, the U.S. Department of Justice announced the seizure of domains linked to three crypto exchanges accused of facilitating more than $800 million in illicit transactions.
This action was part of a coordinated crackdown on Russian money laundering operations.
Chainalysis executives have recently stated that Russia has become a significant force in using cryptocurrency for various illicit purposes, including sanctions evasion, ransomware attacks, and interference in U.S. elections.
Valerie Kennedy, Chainalysis Director of Intelligence Solutions, described Russia as “the loudest and possibly most pervasive in this space.”
The international community’s focus on Evil Corp and related cybercrime groups highlights the ongoing challenges in combating digital financial crimes and the importance of coordinated efforts among law enforcement agencies worldwide.