CyberSecurityBoard
Sponsor Register Login

Evil Corp hit with new sanctions, BitPaymer ransomware charges

"Eduard Benderskiy (Benderskiy), a former Spetnaz officer of the Russian Federal Security Service (FSB), which is designated under numerous OFAC sanctions authorities, current Russian businessman, and the father-in-law of Evil Corp's leader Maksim Viktorovich Yakubets (Maksim), has been a key enabler of Evil Corp's relationship with the Russian state," alleges the U.S. Department of the Treasury announcement. The Evil Corp cybercrime syndicate has been hit with new sanctions by the United States, United Kingdom, and Australia, with the US also indicting one of its members for conducting BitPaymer ransomware attacks. The United States also unsealed an indictment today against suspected Evil Corp member Aleksandr Ryzhenkov for conducting ransomware attacks on multiple victims in the US. In 2019, the United States sanctioned seventeen individuals and seven entities linked to the Evil Corp gang, including the group's leader, Maksim Yakubets. "Benderskiy was a key enabler of their relationship with the Russian Intelligence Services who, prior to 2019, tasked Evil Corp to conduct cyber attacks and espionage operations against NATO allies," alleges a joint NCA announcement. This also means that organizations that suffer ransomware attacks by Evil Corp will no longer be able to make ransom payments without approval by OFAC or risk facing sanction violations. Evil Corp is a cybercrime syndicate known for creating and distributing the Dridex banking Trojan and various ransomware families used in attacks worldwide. In 2019, Evil Corp split, with some members creating a new ransomware operation known as DoppelPaymer, which shared much of the same code as BitPaymer. BitPaymer is the first ransomware encryptor created by Evil Corp, which they began using in attacks in 2017. Evil Corp deployed new ransomware variants under different names to evade US sanctions, such as WastedLocker, Hades, Phoenix CryptoLocker, PayLoadBin, and Macaw. After the US charged members of the Evil Corp for stealing over $100 million, it added the gang's leader, Maksim Yakubets, and other members of the cybercrime gang to the Office of Foreign Assets Control (OFAC) sanction list. Due to these sanctions, many ransomware negotiation firms refused to conduct payments with Evil Corp operations due to the risks of violating sanctions. The two sanctioned entities are Vympel-Assistance LLC and Solar-Invest LLC, which are owned by Benderskiy, the reported father-in-law of Evil Corp's leader Maksim Yakubets. In a trilateral action, the UK and Australia are also sanctioning some of the Evil Corp suspects designated by OFAC today or in its 2019 sanctions.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Tue, 01 Oct 2024 16:31:25 +0000


Cyber News related to Evil Corp hit with new sanctions, BitPaymer ransomware charges

Evil Corp hit with new sanctions, BitPaymer ransomware charges - "Eduard Benderskiy (Benderskiy), a former Spetnaz officer of the Russian Federal Security Service (FSB), which is designated under numerous OFAC sanctions authorities, current Russian businessman, and the father-in-law of Evil Corp's leader ...
4 months ago Bleepingcomputer.com
Evil Corp Cyber Criminals Group Identity Exposed Along with Lockbit Affiliate - Some members even collaborated with other crime groups, like LockBit, for technical tools.The NCA continues to track former Evil Corp members involved in ransomware activities. Further Evil Corp cyber criminals exposed following NCA investigation, ...
4 months ago Cybersecuritynews.com
More Evil Corp Actors Exposed, Including LockBit Affiliate - As part of Operation Cronos, an ongoing NCA-led international effort to disrupt Evil Corp, investigators discovered that Ryzhenkov had been involved in numerous LockBit ransomware attacks. Once a Moscow-based family financial crime group, Evil Corp ...
4 months ago Informationsecuritybuzz.com
Evil Corp hit with new sanctions, BitPaymer ransomware charges - "Eduard Benderskiy (Benderskiy), a former Spetnaz officer of the Russian Federal Security Service (FSB), which is designated under numerous OFAC sanctions authorities, current Russian businessman, and the father-in-law of Evil Corp's leader ...
4 months ago Bleepingcomputer.com
LockBit Associates Arrested, Evil Corp Bigwig Outed - "The exposure of Evil Corp's ties to LockBit is a major blow to the ransomware affiliate market," said Ferhat Dikbiyik, head of research at Black Kite, in an emailed statement to Dark Reading. In addition, Aleksandr Ryzhenkov (aka ...
4 months ago Darkreading.com
Notorious Evil Corp Hackers Targeted NATO Allies for Russian Intelligence | WIRED - On Tuesday, the United Kingdom's National Crime Agency released new details about the real world identities of alleged Evil Corp members, the group's connection to the LockBit platform, and the gang's ties to the Russian state. UK law ...
4 months ago Wired.com
Eduard Benderskiy: Western authorities link Russian intelligence officer to Evil Corp cybercrime empire - Eduard Benderskiy, a former high-ranking official within the Russian intelligence services, was named and sanctioned by Western law enforcement agencies on Tuesday in a paper describing him as a key enabler and protector for the Evil Corp cybercrime ...
4 months ago Therecord.media
US sanctions Russian for cleaning Ryuk's and oligarchs' cash The Register - A Russian woman the US accuses of being a career money launderer is the latest to be sanctioned by the country for her alleged role in moving hundreds of millions of dollars on behalf of oligarchs and ransomware criminals. Among these was her alleged ...
1 year ago Theregister.com
Authorities Unmasked LockBit Affiliate Evil Corp Key Member - In a separate development, the United States Department of Justice unsealed a 2023 indictment charging Ryzhenkov with using the BitPaymer ransomware variant to attack numerous victims in Texas and throughout the United States. The United ...
4 months ago Cybersecuritynews.com
LockBit Ransomware and Evil Corp Members Arrested and Sanctioned in Joint Global Effort - The group, responsible for the development and distribution of the Dridex (aka Bugat) malware, has been previously observed deploying LockBit and other ransomware strains in 2022 in order to get around sanctions imposed against the group in December ...
4 months ago Thehackernews.com
The Week in Ransomware - Governments struck back this week against members of ransomware operations, imposing sanctions on one threat actor and sentencing another to prison. On Tuesday, the Australian, US, and UK governments announced sanctions against Aleksandr Gennadievich ...
1 year ago Bleepingcomputer.com
Britain and US Take Action Against Ransomware Criminals by Imposing Sanctions on Seven People - On Thursday, the United Kingdom and United States imposed sanctions on seven people linked to a single criminal network responsible for Conti and Ryuk ransomware gangs and the Trickbot banking trojan. This is the first major move of a new joint ...
1 year ago Therecord.media
Police arrested four new individuals linked to the LockBit ransomware operation - “Europol supported a new series of actions against LockBit actors, which involved 12 countries and Eurojust and led to four arrests and seizures of servers critical for LockBit’s infrastructure.” reads the press release published by ...
4 months ago Securityaffairs.com
4 new LockBit-related arrests, identities of suspected Evil Corp members, affiliates revealed - Help Net Security - The third phase of Operation Cronos, which involved officers from the UK National Crime Agency (NCA), the FBI, Europol and other law enforcement agencies, has resulted in the arrest of four persons for allegedly participating in the LockBit ...
4 months ago Helpnetsecurity.com
Russia Cyber attack on Nato countries and ransomware attack on UMC Health System - Cybersecurity Insiders - The activities of Evil Corp and the ransomware attack on UMC Health System highlight the growing and evolving threats in the cyber landscape. The notorious Russian state-funded cyber threat group known as Evil Corp has recently made headlines for its ...
4 months ago Cybersecurity-insiders.com
Do the casino ransomware attacks make the case to pay? The Register - Feature The same cybercrime crew broke into two high-profile Las Vegas casino networks over the summer, infected both with ransomware, and stole data belonging to tens of thousands of customers from the mega-resort chains. Despite the similar ...
1 year ago Go.theregister.com
Do the casino ransomware attacks make the case to pay? The Register - Feature The same cybercrime crew broke into two high-profile Las Vegas casino networks over the summer, infected both with ransomware, and stole data belonging to tens of thousands of customers from the mega-resort chains. Despite the similar ...
1 year ago Theregister.com
Police unmask Aleksandr Ryzhenkov as Evil Corp member and LockBit affiliate - Western authorities on Tuesday named Russian national Aleksandr Ryzhenkov as one of the main members of the Evil Corp cybercrime group, as well as identifying him as an affiliate of the LockBit group. At the same time as identifying Ryzhenkov as one ...
4 months ago Therecord.media
The Week in Ransomware - Earlier this month, the BlackCat/ALPHV ransomware operation suffered a five-day disruption to their Tor data leak and negotiation sites, rumored to be caused by a law enforcement action. The FBI revealed this week that they hacked the BlackCat/ALPHV ...
1 year ago Bleepingcomputer.com
Hive Ransomware: A Detailed Analysis - This past week, on January 26th, to be exact, the FBI successfully shut down the Hive ransomware group and saved victims over a hundred million dollars in ransom payments and remediation costs. As ransomware continues to be a national security threat ...
2 years ago Heimdalsecurity.com
The Top 10 Ransomware Groups of 2023 - This article takes an in-depth look at the rise in ransomware attacks over the past year and the criminal groups driving the surge in cyber extortion. LockBit has established itself as one of the most notorious ransomware operations since emerging on ...
1 year ago Securityboulevard.com
Ransomware Roundup - The Ransomware Roundup report aims to provide readers with brief insights into the evolving ransomware landscape and the Fortinet solutions that protect against those variants. This edition of the Ransomware Roundup covers the 8base ransomware. 8base ...
1 year ago Feeds.fortinet.com
Medusa Ransomware Turning Your Files into Stone - Unit 42 Threat Intelligence analysts have noticed an escalation in Medusa ransomware activities and a shift in tactics toward extortion, characterized by the introduction in early 2023 of their dedicated leak site called the Medusa Blog. The Unit 42 ...
1 year ago Unit42.paloaltonetworks.com
Ransomware trends and recovery strategies companies should know - Ransomware attacks can have severe consequences, causing financial losses, reputational damage, and operational disruptions. The methods used to deliver ransomware vary, including phishing emails, malicious websites, and exploiting vulnerabilities in ...
1 year ago Helpnetsecurity.com
The Week in Ransomware - Attacks on hospitals continued this week, with ransomware operations disrupting patient care as they force organization to respond to cyberattacks. While many, like LockBit, claim to have policies in place to avoid encryping hospitals, we continue to ...
1 year ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)