EvilCorp joins with RansomHub to launch global cyber attacks

A new and potentially devastating alliance has emerged in the world of cybercrime. EvilCorp, an infamous cybercriminal group suspected to be led by an ex-FSB officer from Russia, has partnered with RansomHub, a notorious ransomware-as-a-service (RaaS) provider. This collaboration has already set the stage for large-scale, sophisticated cyberattacks that could wreak havoc on global industries and pose a significant challenge for law enforcement agencies attempting to curtail cybercrime.

EvilCorp, which has built a reputation for its brazen financial crimes, has long been a thorn in the side of global cybersecurity efforts. The group’s reach spans across multiple continents, but it has a particularly strong presence in developing and underdeveloped countries, especially in regions like Africa and Asia. This geographic distribution makes it even more difficult to track and dismantle their network, as they operate in countries with weaker cybersecurity infrastructures and less stringent enforcement mechanisms.

At the helm of EvilCorp is Maksim Yakubets, a figure whose name has been synonymous with some of the most notorious cybercrimes in recent history. Yakubets has long been connected to high-profile hacking campaigns, including his involvement with the creators of the LockBit ransomware and his central role in distributing the Dridex Banking Trojan, malicious software designed to steal sensitive financial information.

In 2019, Yakubets was charged in the U.S. District Court of Pennsylvania on several counts related to cybercrime, including his role in a multi-million-dollar scheme that targeted financial institutions. Despite the charges, Yakubets remains a fugitive, and reports suggest that he may be seeking refuge in Azerbaijan or nearby regions. His flight from justice, however, hasn’t stopped him from continuing his criminal operations, and his new partnership with RansomHub could further fuel his nefarious activities.

A recent report from a Telegram channel, a platform frequently used by cybercriminals for communication, suggests that Yakubets is seeking to bolster the financial capabilities of his criminal enterprise. By aligning himself with RansomHub, Yakubets aims to expand EvilCorp’s reach and enhance its ability to launch devastating attacks that have far-reaching effects on both public and private sectors globally. RansomHub, which operates as a ransomware-as-a-service provider, enables other cybercriminals to launch attacks without needing to possess deep technical expertise. This model has made it particularly popular among low-level cybercriminals looking to profit from ransomware attacks, further amplifying the threat to businesses and governments worldwide.

RansomHub’s notoriety skyrocketed in 2024 when it successfully targeted over 200 businesses, including major organizations like NHS UK and Change Healthcare, a business unit of the UnitedHealth Group. These attacks were part of a broader wave of ransomware incidents that crippled essential services and disrupted operations for many companies. In addition to these high-profile incidents, RansomHub was previously connected to the infamous LockBit ransomware group and the now-defunct BlackCat ransomware operation. Its ability to adapt and evolve, often by joining forces with other cybercrime syndicates, makes it an increasingly formidable force in the world of cybercrime.

The growing trend of collaboration among cybercriminal groups, as evidenced by the alliance between EvilCorp and RansomHub, is particularly alarming for both businesses and law enforcement agencies. These partnerships allow criminals to pool resources, share technical expertise, and launch coordinated attacks that are harder to trace and neutralize. For businesses, the consequences are dire—such affiliations make ransomware attacks more sophisticated, frequent, and financially devastating. For law enforcement, these partnerships create a tangled web of criminal activity, making it nearly impossible to attribute a single attack to a specific gang or group. When cybercriminals cooperate, it becomes increasingly difficult for authorities to dismantle their operations or even identify a clear perpetrator behind a particular attack.

The implications of these developments cannot be overstated. With the rise of ransomware-as-a-service models and the increasing collaboration between well-established criminal organizations, the cyber threat landscape is evolving at an alarming rate. Public and private entities must stay vigilant, investing in robust cybersecurity defenses, educating employees, and remaining prepared for the possibility of more frequent and sophisticated attacks. At the same time, law enforcement agencies worldwide must continue to adapt their strategies and work together across borders to combat this growing global menace.

As for the criminals behind these attacks, their increasingly sophisticated methods make them harder to track and stop. With their networks spread across the globe and their ability to leverage partnerships for greater impact, the battle against cybercrime has become even more complex and challenging. This latest collaboration between EvilCorp and RansomHub is a stark reminder that the fight against cybercrime is far from over, and it may only be getting more difficult in the years to come.
