UK cracks down on Evil Corp cybercriminals linked to Russia and attacks on NATO member states

News
By published

Evil Corp hackers face major sanctions

Shape of Russia filled with Russian flag-colored internet codes on a black hacking background
(Image credit: Getty Images)

The UK National Crime Agency (NCA) has sanctioned 16 people belonging to the Evil Corp. cybercriminal organization, which has links to the Lockbit ransomware group and the Russian state.

Evil Corp. originated as a Moscow-based family financial crime group before graduating into the world of cybercrime, successfully stealing at least $300 million from healthcare, critical national infrastructure, government, and other organizations around the world.

Article continues below

Evil Corp, FSB, and LockBit

In 2019, an NCA investigation culminated in the US sanctioning the Evil Corp. head, Maksim Yakubets, and an administrator for the organization, Igor Turashev, alongside several other members. However, today's additional sanctions from the UK Foreign, Commonwealth and Development Office now encompasses both Yukabets and Turashev, alongside seven other individuals.

Among them is Aleksandr Ryzhenkov, an ally of Yakubets and LockBit affiliate with links to numerous ransomware attacks identified during Operation Cronos. Ryzhenkov was also identified as a perpetrator in a number of BitPaymer ransomware attacks against US organizations, and received an unsealed indictment from the US Department of Justice.

Among those sanctioned with strong links to the Russian state are Yakubets’ father, Viktor Yakubets, and former FSB official and father-in-law, Eduard Benderskiy. Speaking on the sanctions, James Babbage, Director General for Threats at the NCA said, “The action announced today has taken place in conjunction with extensive and complex investigations by the NCA into two of the most harmful cybercrime groups of all time.”

"These sanctions expose further members of Evil Corp, including one who was a LockBit affiliate, and those who were critical to enabling their activity,” Babbage continued.

"Since we supported US action against Evil Corp in 2019, members have amended their tactics and the harms attributed to the group have reduced significantly. We expect these new designations to also disrupt their ongoing criminal activity.

"Ransomware is the most significant cybercrime threat facing the UK and the world. The NCA is dedicated to working with our partners in the UK and overseas, sharing intelligence and working to disrupt the most sophisticated and harmful ransomware groups, no matter where they are or how long it takes,” Babbage concluded.

More from TechRadar Pro

Benedict Collins
Benedict Collins
Senior Writer, Security

Benedict is a Senior Security Writer at TechRadar Pro, where he has specialized in covering the intersection of geopolitics, cyber-warfare, and business security.

Benedict provides detailed analysis on state-sponsored threat actors, APT groups, and the protection of critical national infrastructure, with his reporting bridging the gap between technical threat intelligence and B2B security strategy.

Benedict holds an MA (Distinction) in Security, Intelligence, and Diplomacy from the University of Buckingham Centre for Security and Intelligence Studies (BUCSIS), with his specialization providing him with a robust academic framework for deconstructing complex international conflicts and intelligence operations, and the ability to translate intricate security data into actionable insights.