UK cracks down on Evil Corp cybercriminals linked to Russia and attacks on NATO member states

Shape of Russia filled with Russian flag-colored internet codes on a black hacking background
(Image credit: Getty Images)

The UK National Crime Agency (NCA) has sanctioned 16 people belonging to the Evil Corp. cybercriminal organization, which has links to the Lockbit ransomware group and the Russian state.

Evil Corp. originated as a Moscow-based family financial crime group before graduating into the world of cybercrime, successfully stealing at least $300 million from healthcare, critical national infrastructure, government, and other organizations around the world.

The group is also believed to have orchestrated espionage operations against NATO members on behalf of the Russian Intelligence Services. Members of the group have also been sanctioned by authorities in the US and Australia.

Evil Corp, FSB, and LockBit

In 2019, an NCA investigation culminated in the US sanctioning the Evil Corp. head, Maksim Yakubets, and an administrator for the organization, Igor Turashev, alongside several other members. However, today's additional sanctions from the UK Foreign, Commonwealth and Development Office now encompasses both Yukabets and Turashev, alongside seven other individuals.

Among them is Aleksandr Ryzhenkov, an ally of Yakubets and LockBit affiliate with links to numerous ransomware attacks identified during Operation Cronos. Ryzhenkov was also identified as a perpetrator in a number of BitPaymer ransomware attacks against US organizations, and received an unsealed indictment from the US Department of Justice.

Among those sanctioned with strong links to the Russian state are Yakubets’ father, Viktor Yakubets, and former FSB official and father-in-law, Eduard Benderskiy. Speaking on the sanctions, James Babbage, Director General for Threats at the NCA said, “The action announced today has taken place in conjunction with extensive and complex investigations by the NCA into two of the most harmful cybercrime groups of all time.”

"These sanctions expose further members of Evil Corp, including one who was a LockBit affiliate, and those who were critical to enabling their activity,” Babbage continued.

"Since we supported US action against Evil Corp in 2019, members have amended their tactics and the harms attributed to the group have reduced significantly. We expect these new designations to also disrupt their ongoing criminal activity.

"Ransomware is the most significant cybercrime threat facing the UK and the world. The NCA is dedicated to working with our partners in the UK and overseas, sharing intelligence and working to disrupt the most sophisticated and harmful ransomware groups, no matter where they are or how long it takes,” Babbage concluded.

More from TechRadar Pro

Benedict Collins
Staff Writer (Security)

Benedict has been writing about security issues for over 7 years, first focusing on geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division), then continuing his studies at a postgraduate level, achieving a distinction in MA Security, Intelligence and Diplomacy. Upon joining TechRadar Pro as a Staff Writer, Benedict transitioned his focus towards cybersecurity, exploring state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.

Read more
Representational image of a cybercriminal
US, UK crack down on Russian bulletproof hosting service ZServers for LockBit partnership
Russia
Major Russian hacking group shifts focus to US and UK targets
Cryptocurrencies
Ransomware’s favorite Russian crypto exchange seized by law enforcement
Flags of Iran, China, Russia and North Korea on a wall. China North Korea Iran Russia alliance
Cybercrime is helping fund rogue nations across the world - and it's only going to get worse, Google warns
Ransomware
8base ransomware site taken down in global police operation
Russian flag on a laptop
Major Russian IT service provider hit with cyberattack
Latest in Pro
Hands typing on a keyboard surrounded by security icons
The psychology of scams: how cybercriminals are exploiting the human brain
Abstract image of cyber security in action.
MassJacker malware targets those looking for pirated software
Stress
Complexity of IT systems could be increasing security risks for businesses
Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.
CEOs think they might lose their jobs if they can't deliver on AI
A person using a desktop computer.
The role of automation in achieving sustainability goals
Cyber-security
The definitive guide to credential collaboration
Latest in News
Garmin Instinct 3 in Neotropic Green
"I'm an idiot": Garmin user reveals how fixing one setting completely changed their training after months of making no progress
The main battle pass characters in Fortnite Lawless, including Midas, Sub Zero and a large wolf-man
You'll finally be able to play Fortnite on Windows 11 Arm-powered laptops as Epic Games partners with Qualcomm
DeepSeek on an iPhone
OpenAI calls on US government to ban DeepSeek, calling it ‘state-subsidized’ and ‘state-controlled’
Abstract image of cyber security in action.
MassJacker malware targets those looking for pirated software
Stress
Complexity of IT systems could be increasing security risks for businesses
Warhammer 40,000: Space Marine 3
Warhammer 40,000: Space Marine 3 enters development as team promises to support Space Marine 2 'with exciting content and regular updates in the coming years'