The United States has taken further action against the Russia-based cybercriminal group Evil Corp, identifying and sanctioning additional members and affiliates. The Department of the Treasury’s Office of Foreign Assets Control (OFAC) has designated seven individuals and two entities associated with Evil Corp in coordination with the United Kingdom’s Foreign, Commonwealth & Development Office (FCDO) and Australia’s Department of Foreign Affairs and Trade (DFAT).

On December 5, 2019, OFAC had previously designated Evil Corp, its leader Maksim Viktorovich Yakubets, and over a dozen members under Executive Order 13694, as amended by Executive Order 13757. The United Kingdom and Australia are also designating select individuals affiliated with Evil Corp today or from the 2019 designations. Concurrently, the U.S. Department of Justice has unsealed an indictment charging one member of Evil Corp in connection with BitPaymer ransomware attacks on U.S. victims.

“Today’s trilateral action underscores our collective commitment to safeguard against cybercriminals like ransomware actors, who seek to undermine our critical infrastructure and threaten our citizens,” said Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence Bradley T. Smith.

Evil Corp is known for developing Dridex malware used to steal login credentials from banks and financial institutions globally, causing over $100 million in losses. In conjunction with OFAC's December 2019 sanctions, the U.S. Department of Justice indicted Maksim Yakubets and Igor Turashev on charges related to computer hacking and bank fraud schemes.

Maksim Yakubets allegedly used his employment at the Russian National Engineering Corporation (NIK) as cover for his criminal activities linked to Evil Corp. NIK was established by Igor Yuryevich Chayka, son of Russian Security Council member Yuriy Chayka, along with Aleksei Valeryavich Troshin.

Eduard Benderskiy, a former Spetnaz officer of the Russian Federal Security Service (FSB), is identified as a key enabler of Evil Corp’s relationship with the Russian state. Benderskiy leveraged his status to facilitate relationships between Evil Corp and Russian intelligence services officials.

Viktor Grigoryevich Yakubets is Maksim's father and a member of Evil Corp who likely procured technical equipment for their operations in 2020. Aleksandr Viktorovich Ryzhenkov has been a long-term associate of Maksim since around 2013 and played a significant role in developing some of Evil Corp's most prolific ransomware strains.

Other designated members include Sergey Viktorovich Ryzhenkov, Aleksey Yevgenevich Shchetinin, Beyat Enverovich Ramazanov, and Vadim Gennadievich Pogodin—all contributing to various aspects of Evil Corp's operations.

In addition to these sanctions designations, an indictment against Aleksandr Ryzhenkov has been unsealed by the U.S. Department of Justice for using BitPaymer ransomware against numerous U.S.-based victims.

As a result of these actions, all property belonging to these designated persons within the United States or controlled by U.S. persons are blocked. Transactions involving these individuals or entities are generally prohibited unless authorized by OFAC.

The ultimate goal of sanctions is not punitive but aims to bring about positive changes in behavior according to OFAC guidelines.

###