The UK National Crime Agency (NCA) has sanctioned 16 individuals associated with the cybercrime group Evil Corp, revealing their ties to Russian intelligence agencies such as the FSB [8], SVR [8], and GRU [8].
Description
This includes Aleksandr Ryzhenkov [1], a key LockBit affiliate and right-hand man to leader Maksim Yakubets, also known as “Beverley,” who has been charged by the US government for launching ransomware attacks against US-based victims and linked to the development of the WastedLocker ransomware. Ryzhenkov [1] [2] [3] [6] [7], a key figure in Evil Corp, has also helped develop malware strains used in attacks that have generated over $100 million in criminal profits [3]. Yakubets [1] [2] [3] [4] [5] [7] [8], supported by his father Viktor Yakubets [4], has strong ties to the Russian state [5]. Evil Corp [1] [2] [3] [4] [5] [6] [7] [8], financially motivated and with close links to the Russian state [6], has extorted at least $300m from global victims [6], including in healthcare and government sectors [6]. The group has targeted critical national infrastructure operators, health sector organizations [7], and government bodies [7], and has been tasked with cyberattacks on NATO countries [2]. The sanctions were announced on October 1, 2024 [6], with Australia and the US also imposing sanctions [6]. Despite previous disruptions [6], LockBit ransomware attacks have continued [6], with 176 attacks in May alone [6]. Europol has arrested four suspected LockBit actors and seized critical servers [6]. French [6], British [6], and Spanish authorities have made arrests related to LockBit activity [6]. The sanctioned individuals will face asset freezes and travel bans as part of coordinated law enforcement efforts to target cybercrime threats and disrupt malicious cyber actors linked to Russia. UK Foreign Secretary David Lammy stated that the sanctions send a clear message to the Kremlin regarding cyber-attacks [6]. The UK is committed to protecting businesses affected by these attacks and is participating in the international Counter Ransomware Initiative to mitigate the risks of malicious cyber activity.
Conclusion
The sanctions imposed on individuals associated with Evil Corp highlight the ongoing threat of cybercrime and the need for international cooperation to combat malicious cyber activity. By targeting cybercriminals with ties to Russian intelligence agencies, law enforcement agencies aim to disrupt cyber threats and protect businesses from ransomware attacks. The UK’s participation in the Counter Ransomware Initiative underscores its commitment to cybersecurity and efforts to mitigate the risks posed by cybercriminals.
References
[1] https://cyberscoop.com/lockbit-arrests-ransomware-fbi-uk-nca-evil-corp/
[2] https://techcrunch.com/2024/10/01/uk-unmasks-lockbit-ransomware-affiliate-evil-corp-cybercrime-gang/
[3] https://www.govinfosecurity.com/lockbit-evil-corp-targeted-in-anti-ransomware-crackdown-a-26422
[4] https://www.bbc.co.uk/news/articles/cwy98824lk4o
[5] https://www.gov.uk/government/news/uk-sanctions-members-of-notorious-evil-corp-cyber-crime-gang-after-lammy-calls-out-putins-mafia-state
[6] https://www.infosecurity-magazine.com/news/evil-corp-lockbit-sanctions/
[7] https://www.computerweekly.com/news/366612515/Unmasked-The-Evil-Corp-cyber-gangster-who-worked-for-LockBit
[8] https://www.wired.com/story/evil-corp-lockbit-russian-intelligence/