Law enforcement agencies have identified Russian national Aleksandr Viktorovich Ryzhenkov as a key member of the notorious Evil Corp cybercrime group and a LockBit ransomware affiliate.
Ryzhenkov, also known by his alias “Beverley,” has been linked to over 60 LockBit ransomware builds and is believed to have sought to extort at least $100 million from victims in ransom demands.
According to Authorities, Ryzhenkov was unmasked through data obtained during Operation Cronos, a joint investigation with international partners.
Analyse Any Suspicious Links Using ANY.RUN’s New Safe Browsing Tool: Try for Free
.webp)
Authorities revealed that Ryzhenkov used the affiliate name “Beverley” and was associated with the alias “mx1r” and the threat group UNC2165, an evolution of Evil Corp-affiliated actors.
The United Kingdom’s Foreign, Commonwealth, and Development Office (FCDO), the United States Office of Foreign Assets Control (OFAC), and the Australian Department of Foreign Affairs and Trade (DFAT) have also sanctioned Ryzhenkov for his involvement in Evil Corp.
In a separate development, the United States Department of Justice unsealed a 2023 indictment charging Ryzhenkov with using the BitPaymer ransomware variant to attack numerous victims in Texas and throughout the United States.
The indictment alleges that Ryzhenkov and his conspirators gained unauthorized access to victims’ computer networks, deployed the BitPaymer ransomware, and demanded millions of dollars in ransom.
“The Justice Department is using all the tools at its disposal to attack the ransomware threat from every angle,” said Deputy Attorney General Lisa Monaco.
“Today’s charges against Ryzhenkov detail how he and his conspirators stole the sensitive data of innocent Americans and then demanded ransom. With law enforcement partners here and around the world, we will continue to put victims first and show these criminals that, in the end, they will be the ones paying for their crimes.”
Victims of ransomware attacks are encouraged to contact their local FBI field office. For additional information on ransomware, please visit StopRansomware.gov.
Free Webinar on How to Protect Small Businesses Against Advanced Cyberthreats -> Free Webinar