The U.S. Departments of Justice and the Treasury have taken significant action against Evil Corp, a Russian cybercrime group responsible for developing and distributing malware that stole more than $100 million from banks and financial institutions in 40 countries. Apparently, Evil Corp operates as a family business with several family members involved.
Key points:
- Sanctions: The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) has designated numerous individuals and entities associated with Evil Corp.
- International cooperation: Actions were coordinated with the UK and Australia.
- Connection with the Russian government: Evil Corp's activities have been linked to the Russian Federal Security Service (FSB).
- Financial implications: All U.S.-based assets of these individuals and entities are now frozen.
Management and key members of Evil Corp
- Maxim Yakubets: Leader of Evil Corp, associated with the Russian FSB.
- Igor Turashev: Key administrator of the Dridex malware.
- Denis Gusev: Senior member, controlling six related businesses.
- Viktor Grigorievich Yakubets: Maxim's father, accused of money laundering.
- Sergey Yakubets: Brother of Maxim.
- Eduard Bendersky: Former FSB officer and father-in-law of Maxim Yakubets.
- Alexander Viktorovich Ryzhenkov: Main participant, developer of ransomware strains. The U.S. Department of Justice recently unsealed an indictment accusing him of using a variant of the BitPaymer ransomware to attack and extort numerous victims.
- Sergey Viktorovich Ryzhenkov: Alexander's brother, participates in the development of malware.
Additional core members:
- Alexey Bashlykov
- Ruslan Zamulko
- David Guberman
- Carlos Alvarez
- Georgios Manidis
- Tatiana Shevchuk
- Azamat Safarov
- Gulsara Burkhonova
Associated enterprises:
- Business Capital, LLC
- Optima, LLC
- Trade-Invest, LLC
- TSAO, LLC
- Vertical, LLC
- Unicom, LLC
Operations of Evil Corp
Evil Corp conducts complex cybercriminal activities:
- They use phishing emails to distribute malware such as Dridex and BitPaymer ransomware.
- After infecting the system, they steal the victims' bank details.
- These credentials are used to fraudulently transfer funds to accounts they control.
- A network of money mules is used to move stolen funds.
Family ties and organizational structure
Evil Corp appears to operate as a family business with several family members involved:
- The Yakubets family (Maxim, Viktor and Sergey) forms the core of the leadership.
- The Ryzhenkov brothers (Alexander and Sergey) play a key role in the development of malware.
- Eduard Bendersky's connection with the FSB indicates possible state involvement.
This family structure may contribute to the group's resilience and ability to evade law enforcement.
Call for information
FinTelegram encourages insiders and whistleblowers with additional information about Evil Corp, its members or related cybercriminal activity to come forward. We are particularly interested in the following:
- Details of the roles and activities of the named individuals
- Information about companies associated with the group and their activities
- Information about the group’s connections with Russian government agencies
- Information about current or planned cybercriminal activity
To securely share information about any of the individuals or entities mentioned, please use our Whistle42 reporting system. By providing information, you can help fight cybercrime and protect financial systems around the world. Every piece of information, no matter how insignificant it may seem, can play a crucial role in further exposing and stopping these malicious operations.