Russian Evil Corp Cybercrime Group Strikes Again

Published: 01 July 2020

Maksim Yakubets, the alleged leader of the Russian Evil Corp cybercrime group. (Photo: FBI)

By Zdravko Ljubas

US cyber security experts say that Evil Corp, a Russian group of cybercriminals, has been targeting America’s most successful companies, known as the Fortune 500, in an effort to force them to pay millions in ransom.

Symantec, a cyber security division of technology firm Broadcom, said it has warned its customers of “a string of attacks against US companies by attackers attempting to deploy the WastedLocker ransomware (Ransom.WastedLocker) on their networks.”

“The attacks were proactively detected on a number of customer networks by Symantec’s Targeted Attack Cloud Analytics, which leverages advanced machine learning to spot patterns of activity associated with targeted attacks,” the company said.

The attacks were aimed at crippling “the victim’s IT infrastructure by encrypting most of their computers and servers in order to demand a multimillion dollar ransom,” Symantec explained, adding that at least 31 customer organizations have been attacked, but that the total number of attacks could be much higher.

“Aside from a number of large private companies, there were 11 listed companies, eight of which are Fortune 500 companies,” according to Symantec.

The cybercrime group, it added, has been able to penetrate some of the most well-protected corporations, steal their credentials and move easily through their networks, causing millions of dollars in damages and triggering “a possible domino effect on supply chains.”

The company also explained that WastedLocker “is a relatively new breed of targeted ransomware,” and that it has been attributed to the “Evil Corp cyber crime outfit,” previously associated with the Dridex banking Trojan and BitPaymer ransomware.

The US Department of the Treasury said in December that Evil Corp “operates as a business run by a group of individuals based in Moscow, Russia, who have years of experience and well-developed, trusted relationships with each other.”

It identified Maksim Yakubets as the group’s leader, “responsible for managing and supervising the group’s malicious cyber activities.”

At the same time, the US Justice Department, following an investigation by the FBI and the UK’s National Crime Agency (NCA), offered up to US$5 million “for information leading to arrest or conviction” of Yakubets and his alleged associate Igor Turashev.

“Maksim Yakubets allegedly has engaged in a decade-long cybercrime spree that deployed two of the most damaging pieces of financial malware ever used and resulted in tens of millions of dollars of losses to victims worldwide,” Assistant Attorney General Brian Benczkowski of the Justice Department’s Criminal Division said then.

The damage caused by Evil Corp could be even higher. Rob Jones, Director of the Cyber Crime Unit of the UK National Crime Agency (NCA), stated in December 2019 that “Yakubets and his associates have allegedly been responsible for losses and attempted losses totalling hundreds of millions of dollars.”