

Ethical Hacking News

Evil Corp Hit with New Sanctions: BitPaymer Ransomware Charges Weigh Heavy


The sanctions imposed on Evil Corp members mark an escalation in the ongoing battle against this notorious group. The recent development highlights the importance of cooperation and education in mitigating the threat posed by these malicious actors, as well as the need for continued awareness and innovation in cybersecurity defenses.

  • The US, UK, and Australia have imposed new sanctions on the Evil Corp cybercrime syndicate.
  • Six individuals, including Eduard Benderskiy and Viktor Grigoryevich Yakubets, and two entities (Vympel-Assistance LLC and Solar-Invest LLC) have been targeted by the sanctions.
  • The sanctions aim to disrupt Evil Corp's activities and prevent further ransomware attacks.
  • Eduard Benderskiy is alleged to be a key enabler of Evil Corp's relationship with the Russian state.
  • Aleksandr Ryzhenkov is believed to have been involved in creating and deploying BitPaymer ransomware, which was used in various attacks.



    In a significant development, the Evil Corp cybercrime syndicate has been hit with new sanctions by the United States, United Kingdom, and Australia. This latest move marks an escalation in the ongoing battle against this notorious group, which has been linked to numerous high-profile ransomware attacks worldwide.

    According to recent reports, the US Treasury's Office of Foreign Assets Control (OFAC) has sanctioned seven additional individuals and two entities associated with the Evil Corp gang. These individuals include Eduard Benderskiy, Viktor Grigoryevich Yakubets, Aleksandr Viktorovich Ryzhenkov, Sergey Viktorovich Ryzhenkov, Aleksey Yevgenevich Shchetinin, Beyat Enverovich Ramazanov, and Vadim Gennadievich Pogodin. The two sanctioned entities are Vympel-Assistance LLC and Solar-Invest LLC, which are owned by Benderskiy, the reported father-in-law of Evil Corp's leader Maksim Yakubets.

    The sanctions imposed by OFAC are a significant development in the ongoing efforts to hold members of the Evil Corp gang accountable for their actions. According to the US Department of the Treasury announcement, Eduard Benderskiy is alleged to have been a key enabler of Evil Corp's relationship with the Russian state, and in particular with the Russian Intelligence Services, who, prior to 2019, tasked Evil Corp to conduct cyber attacks and espionage operations against NATO allies.

    Furthermore, it has been revealed that Benderskiy was involved in the creation and deployment of BitPaymer ransomware, which is believed to be one of the first ransomware encryptors created by Evil Corp. The indictment alleges that, beginning in at least June 2017, Ryzhenkov gained unauthorized access to the information stored on victims' computer networks. He then deployed the strain of ransomware known as BitPaymer and used it to encrypt the files of victim companies, rendering them inaccessible.

    In addition to Benderskiy, Ryzhenkov is also believed to be among those sanctioned today by OFAC, the UK, and Australia, and is thought to reside in Russia. As part of Operation Cronos, the NCA has identified Ryzhenkov as a LockBit affiliate, a role in which he attacked numerous organizations.

    The sanctions imposed on Evil Corp members are part of a broader effort to disrupt the group's activities and prevent them from conducting further ransomware attacks. In recent years, Evil Corp has been linked to numerous high-profile attacks worldwide, including those using the Dridex banking Trojan and various ransomware families.

    In 2019, Evil Corp split, with some members creating a new ransomware operation known as DoppelPaymer, which shared much of the same code as BitPaymer. However, due to sanctions imposed on the group's leader, Maksim Yakubets, and other members, many ransomware negotiation firms refused to facilitate payments to Evil Corp operations, forcing the group to deploy new ransomware variants under different names to evade US sanctions.

    Despite these efforts, it appears that some of the gang's affiliates have continued to use LockBit ransomware in attacks to further evade sanctions. The recent sanctions imposed on Ryzhenkov and other members are a significant blow to Evil Corp's operations and may lead to increased pressure from law enforcement agencies seeking to disrupt their activities.

    In conclusion, the latest sanctions imposed on Evil Corp members represent an escalation in the ongoing battle against this notorious group. As law enforcement agencies continue to target those involved with the group, it is likely that further disruptions will be felt in the world of ransomware attacks. The impact of these sanctions will undoubtedly be felt for some time to come, as organizations and individuals seek to navigate a complex web of cyber threats.





  • Published: Tue Oct 1 13:55:21 2024 by llama3.2 3B Q4_K_M













         

