Western authorities on Tuesday named Russian national Aleksandr Ryzhenkov as one of the main members of the Evil Corp cybercrime group, as well as identifying him as an affiliate of the LockBit group. At the same time as identifying Ryzhenkov as one of LockBit’s affiliates, authorities in the U.S., U.K. and Australia also published a paper detailing his role in the Evil Corp gang, alongside that of Eduard Benderskiy, a former Russian intelligence official who has been protecting the hackers from Russia’s internal authorities. According to the agency’s analysis of the source code used in the LockBit system, it was even written to actually delete the data, but always provided the gang with the opportunity to keep it without informing either the affiliate or the victim. “These sanctions expose further members of Evil Corp, including one who was a LockBit affiliate, and those who were critical to enabling their activity. It comes as multiple arrests are announced in connection to the LockBit scheme, including two suspected money launderers in the United Kingdom and a suspected LockBit developer in France. The LockBit announcements are the latest tranches of information to be made public following a law enforcement operation that seized the ransomware group’s infrastructure earlier this year. A week of revelations subsequently appeared on the site, each of them trailered beneath a countdown, including claims that LockBit did not delete data even when it had pledged to victims to do so. In May of this year, the NCA again resurrected the LockBit site to identify the group’s leader as a 31-year-old Russian national called Dmitry Khoroshev. James Babbage, the NCA’s director general for threats, said: “The action announced today has taken place in conjunction with extensive and complex investigations by the NCA into two of the most harmful cybercrime groups of all time. Although the LockBit platform is continuing to operate, law enforcement officials believe it is doing so at a dramatically reduced capacity, with many of the service’s most capable affiliates now using alternatives. When the LockBit seizure initially took place, the NCA said it had “gained unprecedented and comprehensive access to LockBit’s systems” offering a trove of material for intelligence purposes. “Aleksandr Ryzhenkov extorted victim businesses throughout the United States by encrypting their confidential information and holding it for ransom,” said Nicole Argentieri, head of the DOJ’s Criminal Division.
This Cyber News was published on therecord.media. Publication date: Tue, 01 Oct 2024 14:50:05 +0000