Sanctions Target Russian 'Evil Corp' After $100M Ransomware Thefts

Analysis

October 7, 2024 10:12 AM

In Brief:
The U.S., UK, and Australia imposed sanctions on 'Evil Corp,' a Russian cybercrime group linked to $100 million in ransomware thefts and financial crimes.
The group is known for its Dridex malware and alleged ties to Russian state entities, with recent reports suggesting collaboration with the LockBit cybercriminal group.

Russian 'Evil Corp' Group Hit With Sanctions After $100 Million in Ransomware Thefts

International law enforcement is intensifying efforts against Evil Corp, a notorious Russian cybercrime syndicate accused of extensive financial theft and ransomware attacks. The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC), the UK's Foreign, Commonwealth & Development Office (FCDO), and Australia's Department of Foreign Affairs and Trade (DFAT) have jointly imposed sanctions on key members of the group.

Simultaneously, the U.S. Department of Justice unsealed an indictment charging an Evil Corp member with deploying BitPaymer ransomware against U.S. victims. Evil Corp is infamous for the Dridex malware, which has infected computers globally, stealing over $100 million from banks and financial institutions in more than 40 countries.

Potential State Connections and Cybercrime Ties

Corey Petty, a cybersecurity expert, highlighted the role of cryptocurrency in ransomware operations, emphasizing blockchain's transparency and traceability as both a tool and a vulnerability for criminals. An October 3 Chainalysis report reveals potential collaboration between Evil Corp and the LockBit cybercriminal group, noting shared cryptocurrency deposit addresses at centralized exchanges.

The report also indicates familial ties within Evil Corp, including its leader, Maksim Victorovich Yakubets, who is allegedly linked to Russia's Federal Security Service (FSB). His father and father-in-law, both with connections to Russian state agencies, are also designated individuals under the sanctions.

Global Efforts to Disrupt Operations

Law enforcement agencies worldwide are coordinating actions to disrupt Evil Corp's operations. Arrests and seizures have occurred, including the apprehension of a suspected LockBit developer by French authorities and the seizure of servers linked to LockBit's ransomware infrastructure by Spanish officers.

Chainalysis officials have noted Russia's significant role in using cryptocurrency for sanctions evasion and ransomware attacks, underscoring the international focus on combating these cyber threats.
