UK cracks down on Evil Corp cybercriminals linked to Russia and attacks on NATO member states

Shape of Russia filled with Russian flag-colored internet codes on a black hacking background
(Image credit: Getty Images)

The UK National Crime Agency (NCA) has sanctioned 16 people belonging to the Evil Corp. cybercriminal organization, which has links to the Lockbit ransomware group and the Russian state.

Evil Corp. originated as a Moscow-based family financial crime group before graduating into the world of cybercrime, successfully stealing at least $300 million from healthcare, critical national infrastructure, government, and other organizations around the world.

The group is also believed to have orchestrated espionage operations against NATO members on behalf of the Russian Intelligence Services. Members of the group have also been sanctioned by authorities in the US and Australia.

Evil Corp, FSB, and LockBit

In 2019, an NCA investigation culminated in the US sanctioning the Evil Corp. head, Maksim Yakubets, and an administrator for the organization, Igor Turashev, alongside several other members. However, today's additional sanctions from the UK Foreign, Commonwealth and Development Office now encompasses both Yukabets and Turashev, alongside seven other individuals.

Among them is Aleksandr Ryzhenkov, an ally of Yakubets and LockBit affiliate with links to numerous ransomware attacks identified during Operation Cronos. Ryzhenkov was also identified as a perpetrator in a number of BitPaymer ransomware attacks against US organizations, and received an unsealed indictment from the US Department of Justice.

Among those sanctioned with strong links to the Russian state are Yakubets’ father, Viktor Yakubets, and former FSB official and father-in-law, Eduard Benderskiy. Speaking on the sanctions, James Babbage, Director General for Threats at the NCA said, “The action announced today has taken place in conjunction with extensive and complex investigations by the NCA into two of the most harmful cybercrime groups of all time.”

"These sanctions expose further members of Evil Corp, including one who was a LockBit affiliate, and those who were critical to enabling their activity,” Babbage continued.

"Since we supported US action against Evil Corp in 2019, members have amended their tactics and the harms attributed to the group have reduced significantly. We expect these new designations to also disrupt their ongoing criminal activity.

"Ransomware is the most significant cybercrime threat facing the UK and the world. The NCA is dedicated to working with our partners in the UK and overseas, sharing intelligence and working to disrupt the most sophisticated and harmful ransomware groups, no matter where they are or how long it takes,” Babbage concluded.

More from TechRadar Pro

Benedict Collins
Staff Writer (Security)

Benedict has been writing about security issues for over 7 years, first focusing on geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division),  then continuing his studies at a postgraduate level, achieving a distinction in MA Security, Intelligence and Diplomacy. Upon joining TechRadar Pro as a Staff Writer, Benedict transitioned his focus towards cybersecurity, exploring state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.