Britain imposes sanctions on a Russia-linked cybercrime group

A major international effort has made significant progress in unraveling one of the world’s most…

A major international effort has made significant progress in unraveling one of the world’s most notorious crime networks.

Yesterday (October 1), the UK government imposed sanctions on 16 members of the aptly named Evil Corp, once considered the world’s most widespread cybercrime organization, which has links to the Russian state and prominent ransomware syndicates including LockBit. The group has long been a target of global law enforcement and these latest sanctions are part of a coordinated effort alongside National Crime Agency (NCA) counterparts in Australia and the United States.

The NCA played a crucial role in exposing Evil Corp.’s far-reaching influence. The organization, which originated as a family-run financial crime group in Moscow, evolved into a global cybercrime enterprise, extorting more than $300 million from victims around the world. critical sectors, including healthcare, national infrastructure and government agencies.

In 2019, the US indicted Maksim Yakubets, the head of Evil Corp, along with one of the group’s top executives, Igor Turashev, as part of the crackdown on the group’s activities. Both were sanctioned along with other key members of the group and now Britain’s Foreign, Commonwealth and Development Office has expanded sanctions against Yakubets, Turashev and seven others previously designated by the US. A further seven people have now been sanctioned in Britain for their previously unknown links to and support for Evil Corp’s activities.

CORRUPT MAFIAS STATE

Foreign Secretary David Lammy was optimistic about yesterday’s action, saying in a statement: “I am making it my personal mission to attack the Kremlin with the full arsenal of sanctions at our disposal. Putin has built a corrupt mafia state in which he himself is central. We must fight this at every opportunity, and today’s action is just the beginning.”

A very important person now under British sanctions is Aleksandr Ryzhenkov, Yakubets’ close associate. Ryzhenkov was highly trusted by Yakubets and played a key role in developing some of Evil Corp’s most infamous ransomware variants. As part of Operation Cronos, the NCA-led international effort to disrupt Evil Corp’s operations, Ryzhenkov has been identified as an affiliate of LockBit. The Operation Cronos Task Force is a group made up of international enforcement agencies from Australia, Canada, France, Germany, Japan, the Netherlands, Sweden, Switzerland, the United Kingdom and the United States.

The US Department of Justice has opened an indictment accusing Ryzhenkov of using the BitPaymer ransomware to attack victims across the US, and further sanctions have been imposed on key figures linked to Evil Corp, including Viktor Yakubets, Maksim’s father and his father-in-law. Eduard Benderskiy, a former senior official of Russia’s Federal Security Service (FSB), the successor to the Soviet Union’s KGB. Benderskiy is believed to have been instrumental in securing Evil Corp’s connections to Russian intelligence services; before 2019, the group reportedly conducted cyber espionage and attacks on behalf of the Russian state, mainly targeting NATO members. Following the imposition of US sanctions in 2019, Benderskiy is said to have used his influence to protect Evil Corp’s high-ranking members from Russian authorities, allowing them to continue their activities.

MALWARE

James Babbage, Director General for Threats at the NCA, commented: “The action announced today has taken place in conjunction with extensive and complex investigations by the NCA into two of the most damaging cybercrime groups of all time. These sanctions expose even more members of Evil Corp, including someone affiliated with LockBit, and those who were crucial in enabling their activities. Since we supported the US action against Evil Corp in 2019, members have adapted their tactics and the damage attributed to the group has been significantly reduced. We expect these new designations will also disrupt their ongoing criminal activities.”

Evil Corp’s nefarious activities began in 2014 and the group quickly became infamous for developing and distributing malware such as Dridex and BitPaymer, programs that targeted financial institutions in more than 40 countries, leading to the theft of more than 100 million dollars. The NCA claims that the group’s elite position was partly due to its ties to the Russian state, which gave the group a level of protection and influence that allowed its members to evade capture for years.

LOCK BIT IN THE CROSS HAIR

The international investigation into LockBit remains ongoing with the arrest in August by the Operation Cronos task force of two as yet unnamed individuals, believed to be linked to a LockBit affiliate. These individuals were arrested on suspicion of violating the Computer Misuse Act and money laundering. Also in August, French authorities arrested a suspected LockBit developer, while Spanish police arrested a key figure involved in managing LockBit’s infrastructure, seizing nine servers used by the organization. group.

In a statement published on the NCA website, Security Minister Dan Jarvis reaffirmed the government’s commitment to combating cybercrime: “Cybercrime causes enormous damage to people and businesses around the world, but today’s action is proof that serious consequences for those involved.”