Ransomware, Government Regulations

Evil Corp/REvil malware crime group outed as a family affair

Share
handcuffs sit on the keyboard of a laptop. cybercrime

The Evil Corp/REvil malware operation was the work of a small group of criminals who had family ties and Kremlin connections, according to the UK’s National Crime Agency in an updated report about the cyberfraud and ransomware operation credited for taking hundreds of millions of dollars in ill-gotten gains.

The UK authorities said they would update sanctions that the US. .had placed on the ransomware crew in 2019 thanks to new information that has emerged on the various members of the crime outfit.

Among the new discoveries is that the Evil Corp leadership is bound by more than just a common interest in making money. While it was known that the head of the operation was Maksim Yakubets, investigators said his immediate family was also involved in the cybercrime ring.

Authorities said Maksim’s father Viktor Yakubets and his father-in-law Eduard Benderskiy had a hand in the operation by using their influence with the Kremlin to help cover the gang’s tracks and convince authorities to look the other way as the group carried out its international cybercrime spree.

All additional members now face economic sanctions intended to cripple their finances and end their criminal activities.

“These sanctions expose further members of Evil Corp, including one who was a LockBit affiliate, and those who were critical to enabling their activity,” said NCA Director General for Threats James Babbage.

"Since we supported U.S. action against Evil Corp in 2019, members have amended their tactics and the harms attributed to the group have reduced significantly. We expect these new designations to also disrupt their ongoing criminal activity.”

The LockBit affiliate in question was Aleksandr Ryzhenkov, someone the NCA described as the younger Yakubets’ “right hand man,” and the developer of the group’s custom-made malware toolkit. It seems Ryzhenkov was double-dipping on his cybercrime activities, helping two groups extort money from Western businesses.

Authorities also believe that Evil Corp was operating with the blessings of the highest offices in Moscow. It is said that father-in-law Benderskiy leveraged his ties with the Russian FSB to allow Yakubets to operate his crime ring unfettered.

“Putin has built a corrupt mafia state with himself at its center. We must combat this at every turn, and today’s action is just the beginning,” said UK Foreign Secretary David Lammy.

"Today's sanctions send a clear message to the Kremlin that we will not tolerate Russian cyberattacks, whether from the state itself or from its cyber-criminal ecosystem."

Evil Corp/REvil malware crime group outed as a family affair

The Evil Corp/Revil malware operation was the work of a small group of criminals who had family ties and Kremlin connections.

Shaun Nichols

A career IT news journalist, Shaun has spent 17 years covering the industry with a specialty in the cybersecurity field.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.