Evil Corp cybercriminals targeted with UK sanctions

2 Oct 2024

Image: © ZETHA_WORK/Stock.adobe.com

The cybercrime gang has been in operation for more than a decade and is believed to have extorted at least $300m from victims worldwide.

The UK, alongside the US and Australia, has sanctioned 16 members of the prolific Russian cybercrime gang Evil Corp.

The cybercriminals will now be subject to a series of asset freezes and travel bans.

Members sanctioned include Maksim Yakubets, who the UK government said had cultivated strong ties between Evil Corp and the Russian state, and Aleksandr Ryzhenkov, who has also been identified as a LockBit affiliate.

James Babbage, director general for threats at the UK’s National Crime Agency (NCA), said the latest sanctions are part of complex investigations into “two of the most harmful cybercrime groups of all time”.

“These sanctions expose further members of Evil Corp, including one who was a LockBit affiliate, and those who were critical to enabling their activity.”

As part of an in-depth investigation, the NCA outlined Evil Corp’s activities, which had been carried out for more than a decade before its influence started to dwindle towards the end of 2019.

The group’s activities included malware and ransomware attacks against UK health, government and public sector institutions, as well as private commercial technology companies.

According to the NCA, the cybercrime gang extorted at least $300m from victims worldwide. The gang was also allegedly tasked to conduct cyberattacks and espionage operations against NATO allies by Russian Intelligence Services.

UK foreign secretary David Lammy the sanctions send “a clear message to the Kremlin that we will not tolerate Russian cyberattacks”.

“Putin has built a corrupt mafia state with himself at its centre. We must combat this at every turn, and today’s action is just the beginning,” said Lammy.

The latest sanctions build on actions taken earlier this year against cybercrime group LockBit.

In February, the gang’s data leak website was seized by the NCA, which worked with the FBI and an international task force.

As part of yesterday’s statement, the NCA said the international investigation into LockBit is ongoing. “This week their original leak site, which remains under the control of the NCA, went live once more,” it said.

“It details further action taken by the Cronos Taskforce, including NCA arrests in August of two people believed to be associated with a LockBit affiliate, on suspicion of the Computer Misuse Act and money laundering offences.”

Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.

Jenny Darmody is the editor of Silicon Republic

editorial@siliconrepublic.com