More Evil Corp Actors Exposed, Including LockBit Affiliate

As part of Operation Cronos, an ongoing NCA-led international effort to disrupt Evil Corp, investigators discovered that Ryzhenkov had been involved in numerous LockBit ransomware attacks. Once a Moscow-based family financial crime group, Evil Corp expanded into cybercrime, reportedly extorting at least $300 million from global victims across sectors such as healthcare, critical national infrastructure, and government. In a significant move against one of the world’s most notorious cybercrime groups, the UK has sanctioned 16 individuals linked to Evil Corp, a criminal organization with ties to the Russian state. Jonathon Ellison, Director for National Resilience and Future Technology at the UK’s National Cyber Security Centre (NCSC), urged businesses to follow the NCSC’s ransomware guidance to reduce their vulnerability to attacks and develop robust response plans. Despite these challenges, some members continued to develop new strains of ransomware, including WastedLocker and PhoenixLocker, while others shifted to using ransomware from other crime groups, like LockBit. The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network. The UK’s Foreign Secretary, David Lammy, reiterated the government’s resolve: “I am making it my personal mission to target the Kremlin with the full arsenal of sanctions at our disposal.  Putin has built a corrupt mafia state with himself at its center. The sanctions also extend to key enablers of Evil Corp’s activities, including Yakubets’ father and father-in-law, a former high-ranking official in Russia’s Federal Security Service (FSB). Following the 2019 sanctions, Evil Corp faced operational difficulties, forcing many of its members to go underground and adopt more sophisticated measures to evade law enforcement. James Babbage, Director General for Threats at the NCA, emphasized the significance of these developments: “The action announced today has taken place in conjunction with extensive and complex investigations by the NCA into two of the most harmful cybercrime groups of all time. The UK’s National Crime Agency (NCA) played a pivotal role in uncovering Evil Corp’s extensive criminal network. Babbage highlighted the evolving tactics of Evil Corp since the US sanctions in 2019, noting the group’s reduced capacity to operate. Recently, the NCA revived LockBit’s original leak site, detailing additional arrests, including the capture of a suspected LockBit developer in France and the seizure of nine servers used by the group in Spain. The NCA is dedicated to working with our partners in the UK and overseas, sharing intelligence and working to disrupt the most sophisticated and harmful ransomware groups, no matter where they are or how long it takes,” Babbage ended. The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user. The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes. Formed in 2014, Evil Corp was responsible for developing and deploying the Dridex and BitPaymer malware, targeting financial institutions across 40 countries and stealing over $100 million. Today, Yakubets, Turashev, and seven other members previously sanctioned by the US have also been sanctioned by the UK’s Foreign, Commonwealth & Development Office. The group maintained close ties to the Russian state, with some members involved in cyber espionage on behalf of Russian intelligence. “Today’s sanctions send a clear message to the Kremlin that we will not tolerate Russian cyber-attacks – whether from the state itself or from its cyber-criminal ecosystem,” Lammy added. In 2019, the NCA’s investigation led to the indictment of Evil Corp’s leader, Maksim Yakubets, and administrator Igor Turashev in the US. Copyright © 2024 Information Security Buzz is brand owned by Bora Design SL a company registered in Spain with company number B42720136 whose registered office is in Alicante, Spain. The US Department of Justice has also unsealed an indictment charging Ryzhenkov with using BitPaymer ransomware to target American victims.

This Cyber News was published on informationsecuritybuzz.com. Publication date: Wed, 02 Oct 2024 05:43:05 +0000