Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label ransomware charges. Show all posts

Evil Corp Faces New Sanctions and BitPaymer Ransomware Charges

 

The Evil Corp cybercrime group has been hit with fresh sanctions by the United States, United Kingdom, and Australia. Additionally, the U.S. has indicted a member for their involvement in BitPaymer ransomware attacks.

Back in 2019, the U.S. had sanctioned 17 individuals and 7 entities linked to Evil Corp, including its leader, Maksim Yakubets. Today, the U.S. Treasury's Office of Foreign Assets Control (OFAC) has placed sanctions on seven more individuals and two additional entities connected to the syndicate. The UK and Australia have joined the U.S. in sanctioning some of these individuals as well, either today or as part of the 2019 sanctions.

The individuals facing sanctions include Eduard Benderskiy (Yakubets’ father-in-law), Viktor Grigoryevich Yakubets (his father), Aleksandr Viktorovich Ryzhenkov, Sergey Viktorovich Ryzhenkov, Aleksey Yevgenevich Shchetinin, Beyat Enverovich Ramazanov, and Vadim Gennadievich Pogodin. The two entities, Vympel-Assistance LLC and Solar-Invest LLC, are owned by Benderskiy.

According to the U.S. Department of the Treasury, Benderskiy, a former Spetnaz officer with ties to Russian intelligence, has played a key role in facilitating Evil Corp's relationship with the Russian state. This partnership allegedly enabled the group to conduct cyberattacks and espionage operations against NATO allies prior to 2019.

Under these new sanctions, assets linked to the individuals have been frozen, and businesses in the U.S., UK, and Australia are prohibited from engaging in transactions with them. Moreover, companies that fall victim to Evil Corp’s ransomware attacks are now restricted from making ransom payments unless approved by OFAC, or they risk violating sanctions.

In another significant development, the U.S. has unsealed an indictment against Aleksandr Ryzhenkov, an alleged Evil Corp member, for his role in ransomware attacks in the U.S. Ryzhenkov is accused of using BitPaymer ransomware in numerous attacks starting in 2017. The indictment states that Ryzhenkov and his co-conspirators gained unauthorized access to victims’ computer networks, deployed the BitPaymer ransomware to encrypt files, and left ransom notes demanding payment to decrypt the data and prevent the release of sensitive information.

The UK's National Crime Agency (NCA) has identified Ryzhenkov as a LockBit affiliate, having carried out several attacks as part of Operation Cronos, an ongoing effort to disrupt ransomware operations.

Evil Corp is notorious for creating the Dridex banking trojan and various ransomware strains. Initially, the gang used Dridex to steal banking credentials and commit financial fraud. As ransomware attacks grew, the group shifted focus, creating BitPaymer in 2017 to target businesses globally. Following U.S. charges against its members in 2019, Evil Corp split, with some members forming a new operation known as DoppelPaymer, which later rebranded as Grief and Entropy.

Despite sanctions, Evil Corp continued its operations by deploying new ransomware variants under different names, such as WastedLocker, Hades, and Phoenix CryptoLocker, among others. However, as these variants shared similar code, they were traced back to Evil Corp. To further evade sanctions, some affiliates began using LockBit ransomware.