The U.S., UK, and Australia have sanctioned members of Russia-based Evil Corp, a cybercrime syndicate responsible for over $100 million in theft via malware and ransomware.
The United States, the United Kingdom, and Australia have jointly implemented sanctions against key members of Evil Corp, a cybercrime syndicate headquartered in Russia.
This organization is purportedly accountable for the pervasive financial theft and ransomware attacks that have stolen over $100 million from hundreds of financial institutions and banks in over 40 countries.
Evil Corp is renowned for developing and distributing the Dridex malware, which infects computers and extracts logon credentials.
An indictment has been unsealed by the U.S. Department of Justice, which accuses an Evil Corp member of deploying BitPaymer ransomware against victims in the United States.
Chainalysis, a blockchain analysis firm, has recently discovered a potential overlap between Evil Corp and another cybercriminal organization, LockBit.
The same deposit addresses at centralized exchanges have been utilized by ransomware variants associated with Evil Corp and cryptocurrency clusters linked to Lockbit, according to on-chain data.
This information contradicts previous allegations that Evil Corp may have employed LockBit to rebrand and distance itself from sanctioned entities.
The Chainalysis report also emphasizes that numerous members of Evil Corp are related, suggesting that they have strong internal connections.
The U.S. Treasury Department has cited Maksim Victorovich Yakubets, the leader of Evil Corp, for his purported involvement with Russia’s Federal Security Service (FSB) and his endeavors to secure a license to handle classified information.
His father, Viktor Yakubets, and his father-in-law, Eduard Benderskiy, a former FSB officer, are also designated individuals. These connections indicate the possibility of a connection between the cybercrime group and Russian state agencies.
According to cybersecurity professional Corey Petty, the utilization of cryptocurrency for extortion payments is the foundation of ransomware’s effectiveness.
He observed that blockchains provide transparency and immutability, which may be perceived as advantageous by criminals. However, they also enable anyone to monitor the passage of funds.
Evil Corp’s operations have been disrupted by law enforcement agencies in numerous countries through the implementation of coordinated measures.
In numerous countries, arrests and seizures have taken place, such as the apprehension of a suspected LockBit developer by French authorities and the seizure of servers associated with LockBit’s ransomware infrastructure by Spanish officers.
The sanctions against Evil Corp are implemented in response to the increasing apprehension regarding the utilization of cryptocurrency for illegal purposes. In a recent report, the National Crime Agency of the United Kingdom discovered that the country is associated with as much as $5.1 billion in illicit crypto transactions annually, and that both digital and crypto-related crime are on the rise.
In a separate but related development, the U.S. Department of Justice announced the seizure of domains associated with three crypto exchanges that are accused of facilitating over $800 million in illicit transactions.
This action was a component of a coordinated effort to combat Russian money laundering operations.
Chainalysis executives have recently disclosed that Russia has emerged as a substantial force in the utilization of cryptocurrency for a variety of illicit activities, such as the evasion of sanctions, the execution of ransomware assaults, and the meddling in U.S. elections.
Valerie Kennedy, the Director of Intelligence Solutions at Chainalysis, characterized Russia as “the most pervasive and loudest in this space.”
The ongoing challenges in combating digital financial crimes and the significance of coordinated efforts among law enforcement agencies worldwide are underscored by the international community’s concentration on Evil Corp and related cybercrime groups.
