The U.S. Department of Justice and Department of Treasury have taken significant action against Evil Corp, a Russia-based cybercriminal group responsible for developing and distributing malware that has stolen over $100 million from banks and financial institutions across 40 countries. Evil Corp appears to operate as a family enterprise, with multiple family members involved.
Key Points:
- Sanctions Imposed: The Treasury’s Office of Foreign Assets Control (OFAC) has designated numerous individuals and entities associated with Evil Corp.
- International Cooperation: This action was coordinated with the United Kingdom and Australia.
- Russian Government Connection: Evil Corp’s activities have been linked to the Russian Federal Security Service (FSB).
- Financial Impact: All U.S.-based assets of the designated individuals and entities are now blocked.
Evil Corp’s Leadership and Key Members
- Maksim Yakubets: Leader of Evil Corp, linked to the Russian FSB.
- Igor Turashev: Key administrator of the Dridex malware.
- Denis Gusev: Senior member controlling six associated businesses.
- Viktor Grigoryevich Yakubets: Father of Maksim, accused of money laundering.
- Sergey Yakubets: Brother of Maksim.
- Eduard Benderskiy: Former FSB officer and father-in-law of Maksim Yakubets.
- Aleksandr Viktorovich Ryzhenkov: Core member, developer of ransomware strains. The US DOJ recently unsealed an indictment charging him with using the BitPaymer ransomware variant to attack and extort numerous victims.
- Sergey Viktorovich Ryzhenkov: Brother of Aleksandr, involved in malware development.
Additional Core Members:
- Aleksei Bashlikov
- Ruslan Zamulko
- David Guberman
- Carlos Alvares
- Georgios Manidis
- Tatiana Shevchuk
- Azamat Safarov
- Gulsara Burkhonova
Associated Businesses:
- Biznes-Stolitsa, OOO
- Optima, OOO
- Treid-Invest, OOO
- TSAO, OOO
- Vertikal, OOO
- Yunikom, OOO
Evil Corp’s Operations
Evil Corp operates a sophisticated cybercrime operation:
- They use phishing emails to spread malware like Dridex and BitPaymer ransomware.
- Once a system is infected, they steal banking credentials from victims.
- These credentials are used to fraudulently transfer funds to accounts they control.
- A network of money mules is employed to move the stolen funds.
Family Connections and Organizational Structure
Evil Corp appears to operate as a family enterprise, with multiple family members involved:
- The Yakubets family (Maksim, Viktor, and Sergey) forms the core leadership.
- The Ryzhenkov brothers (Aleksandr and Sergey) play crucial roles in malware development.
- Eduard Benderskiy’s connection to the FSB suggests potential state involvement.
This family-based structure may contribute to the group’s resilience and ability to evade law enforcement.
Call for Information
FinTelegram urges insiders and whistleblowers with additional information about Evil Corp, its members, or related cybercriminal activities to come forward. We are particularly interested in:
- Details about the roles and activities of the named individuals
- Information on the associated businesses and their operations
- Insights into the group’s connections with Russian state actors
- Knowledge of ongoing or planned cybercriminal activities
To securely share information about any of the mentioned individuals or entities, please use our whistleblower system, Whistle42. Your anonymity and safety are our top priorities.By providing information, you can help combat cybercrime and protect financial systems worldwide. Every piece of information, no matter how small it may seem, could be crucial in further exposing and disrupting these harmful operations.
