The United Kingdom announced on Tuesday that it has imposed sanctions on 16 members of the Russian cyber-crime group Evil Corp, which it accuses of being directed by Russia to conduct
cyber-attacks against NATO allies.
Evil Corp, once considered the world's most significant cyber-crime threat, has been targeted by coordinated efforts from Britain's National Crime Agency (NCA), the United States, and Australia. "Today's sanctions send a clear message to the Kremlin that we will not tolerate Russian cyber-attacks—whether from the state or its criminal cyber ecosystem," said UK Foreign Minister David Lammy.
In 2019, the U.S. indicted Evil Corp's alleged leader, Maksim Yakubets, who gained notoriety for his lavish lifestyle, including driving a Lamborghini. A $5 million bounty was placed on information leading to his capture. The NCA revealed that the group had been working closely with Russian intelligence services, including the Federal Security Service (FSB), Foreign Intelligence Service (SVR), and military intelligence unit GRU, to carry out cyber-espionage against NATO.
The NCA also identified Yakubets' father-in-law, Eduard Benderskiy, a former high-ranking FSB official, as a key enabler of Evil Corp’s activities, helping protect the group after U.S. sanctions were imposed in 2019.
Evil Corp is also linked to the notorious ransomware group LockBit, responsible for targeting major organizations such as the Industrial and Commercial Bank of China, Boeing, and the UK's Royal Mail. LockBit’s operations were disrupted by Western law enforcement earlier this year.
Aleksandr Ryzhenkov, identified as Yakubets’ right-hand man and a LockBit affiliate, played a central role in ransomware attacks on various organizations, according to the NCA. "Today's action has been the result of extensive and complex investigations into two of the most harmful cyber-crime groups in history," said James Babbage, Director General for Threats at the NCA.
The sanctions, which include asset freezes and travel bans, specifically target Yakubets, his associates Artem Viktorovich Yakubets, and Viktor Grigoryevich Yakubets. Meanwhile, the U.S. Justice Department indicted Ryzhenkov for his involvement in deploying the BitPaymer ransomware strain in attacks across Texas and the U.S.
"Today's charges against Ryzhenkov show how he and his conspirators stole sensitive data from innocent Americans and demanded ransom," said Deputy Attorney General Lisa Monaco. "Together with our global law enforcement partners, we will continue to prioritize victims and ensure these criminals pay for their crimes." Photo by Santeri Viinamäki, Wikimedia commons.