International law enforcement efforts have intensified against Evil Corp, a Russia-based cybercrime syndicate allegedly responsible for widespread financial theft and ransomware attacks.
The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC), the UK's Foreign, Commonwealth & Development Office (FCDO), and Australia's Department of Foreign Affairs and Trade (DFAT) jointly imposed sanctions on key members of the group last week. Simultaneously, the U.S. Department of Justice unsealed an indictment charging an Evil Corp member with deploying BitPaymer ransomware against victims in the United States.
Evil Corp is known for developing and distributing the Dridex malware, which has infected computers worldwide and harvested login credentials, leading to over $100 million stolen from hundreds of banks and financial institutions across more than 40 countries. The group's activities are deeply rooted in Russia's cybercrime landscape and have alleged connections to Russian state entities.
$5.1 Billion in Illicit Crypto Transactions Linked to UK Every Year: NCA
A new report from the UK's National Crime Agency has found that as much as $5.1 billion worth of illicit crypto transactions are linked to the country every year, with both digital and crypto related crime on the rise. The agency's findings were published in its annual National Strategic Assessment, which draws on data from law enforcement, government, and private intelligence. “As the popularity of cryptocurrency grows, so too does the frequency of cryptocurrency crime,” the report stated. The...
Corey Petty, a cybersecurity professional and the head of insights at digital-rights-focused investment firm Institute of Free Technology, told Decrypt that using cryptocurrency for ransom payments forms “the backbone of ransomware’s efficacy.”
“Blockchains are transparent and auditable, and once the transactions have been successfully incorporated into the chain, they are unchangeable,” he said, noting the perceived benefits of the technology.. But there’s also a potentially significant downside for criminals.
“This gives anyone the ability to track the flow of funds,” he added.
An October 3 Chainalysis report examines the overlap between Evil Corp and the cybercriminal group LockBit. On-chain data indicates that ransomware strains associated with Evil Corp and cryptocurrency clusters linked to Lockbit have used the same deposit addresses at centralized exchanges.
US Seizes Crypto Domains Tied to $800 Million in Illicit Transactions
The U.S. Department of Justice said Thursday it seized domains linked to three crypto exchanges accused of facilitating more than $800 million in illicit transactions as part of a coordinated crackdown on Russian money laundering operations. The DOJ, working with the Treasury Department, Secret Service, and international law enforcement partners, unsealed an indictment against Russian national Sergey Ivanov, according to a statement. Ivanov, also known as “Taleon,” is accused of operating severa...
This suggests possible collaboration or shared infrastructure between the two groups, aligning with previous reports that Evil Corp has used LockBit to rebrand and distance itself from sanctioned entities.
The report also highlights that several members of Evil Corp are related, indicating close internal ties. Maksim Victorovich Yakubets, the leader of Evil Corp, has been noted by the U.S. Treasury Department for his alleged work with Russia's Federal Security Service (FSB) and efforts to obtain a license to handle classified information.
Other designated individuals include his father, Viktor Yakubets, and father-in-law, Eduard Benderskiy, a former FSB officer. These connections suggest potential links between the cybercrime group and Russian state agencies.
Chainalysis: Russia Is Loudest and 'Most Pervasive' Country Using Crypto to Skirt Sanctions
Russia has been increasing its use of cryptocurrency for sanctions evasion, disinformation, and election interference, according to execs for leading blockchain analytics firm Chainalysis. “Russia has become an international force using cryptocurrency for everything from sanctions evasion to ransomware attacks, and most recently, interference and disinformation campaigns targeting the US elections,” said Chainalysis chief marketing officer Ian Andrews during a talk shared on the company's YouTub...
The news follows Chainalysis Chief Marketing Officer Ian Andrews recently saying that “Russia has become an international force using cryptocurrency for everything from sanctions evasion to ransomware attacks.”
“Russia is just the loudest and possibly most pervasive in this space,” added Chainalysis Director of Intelligence Solutions, Valerie Kennedy.
Law enforcement agencies across multiple countries have taken coordinated actions to disrupt Evil Corp's operations. Arrests and seizures have occurred in various nations, including the apprehension of a suspected LockBit developer by French authorities and the seizure of servers associated with LockBit's ransomware infrastructure by Spanish officers.
Edited by Andrew Hayward
