Authorities in the UK, US, and Australia have sanctioned sixteen individuals linked to Evil Corp, a group once considered the pinnacle of global cyber threats.
This move exposes their connections to the Russian state and other infamous ransomware groups, including LockBit. The National Crime Agency(NCA) also shared the news on Social Platform X.
Unveiling the Faces Behind Evil Corp
The National Crime Agency (NCA) has played a pivotal role in unraveling the complex web of Evil Corp’s operations.
Originating as a family-centered financial crime group in Moscow, Evil Corp evolved into a formidable cybercrime entity, extorting over $300 million from victims worldwide.
Their targets spanned critical sectors such as healthcare, government, and national infrastructure.
Analyse Any Suspicious Links Using ANY.RUN’s New Safe Browsing Tool:
In 2019, the US indicted Maksim Yakubets, Evil Corp’s head, Igor Turashev, and several other members.
The UK’s Foreign, Commonwealth, and Development Office has sanctioned these individuals.
This new wave of sanctions includes previously unidentified members like Aleksandr Ryzhenkov, Yakubets’ trusted lieutenant and a known LockBit affiliate.
International Efforts to Combat Cybercrime
The sanctions are part of a broader international effort to dismantle Evil Corp’s operations.
The US Department of Justice has unsealed an indictment against Ryzhenkov for deploying BitPaymer ransomware across American targets. Meanwhile, Australia has joined in imposing sanctions against these cybercriminals.
The NCA’s Director General for Threats, James Babbage, emphasized the importance of these actions: “These sanctions expose further members of Evil Corp and those critical to enabling their activity.
We expect these new designations to disrupt their ongoing criminal activity.”
The Russian Connection
Evil Corp’s ties to the Russian state have been well-documented. Eduard Benderskiy, Yakubets’ father-in-law and a former high-ranking FSB official, was instrumental in fostering this relationship.
Before 2019, Russian Intelligence Services reportedly tasked Evil Corp with executing cyber attacks against NATO allies.
Following US sanctions in 2019, Benderskiy leveraged his connections to shield Evil Corp’s senior members from Russian authorities.
Despite this protection, the group faced significant operational disruptions and was forced to adapt its tactics.
Evil Corp’s strategies shifted post-2019 sanctions. They moved from widespread attacks to targeting high-value organizations using new ransomware strains like WastedLocker and Hades.
Some members even collaborated with other crime groups, like LockBit, for technical tools.The NCA continues to track former Evil Corp members involved in ransomware activities.
The international investigation into LockBit remains active, with recent arrests in France and Spain highlighting ongoing efforts to dismantle their operations.
Global Leaders Respond
UK Foreign Secretary David Lammy stated: “Today’s sanctions send a clear message to the Kremlin that we will not tolerate Russian cyber-attacks.”
Security Minister Dan Jarvis added: “Cyber-crime causes immense damage globally but today’s action shows there are serious consequences for those involved.”
Jonathon Ellison of the NCSC urged organizations to follow ransomware guidance: “Every day we see ransomware incidents have real-world consequences… I welcome today’s sanctions against Evil Corp-affiliated actors.”
Free Webinar on How to Protect Small Businesses Against Advanced Cyberthreats ->