The Biden administration issued new sanctions on Russia’s Evil Corp cyber gang in an international crackdown conducted in coordination with counterparts in Britain and Australia.
The Treasury Department said it sanctioned seven people and two entities associated with Evil Corp as the Justice Department unsealed an indictment charging one gang member in connection with a ransomware attack targeting victims in Texas.
“With law enforcement partners here and around the world, we will continue to put victims first and show these criminals that, in the end, they will be the ones paying for their crimes,” Deputy Attorney General Lisa Monaco said in a statement on Tuesday.
Britain’s National Crime Agency branded Evil Corp the “most pervasive cybercrime group to ever have operated,” in a report authored with the FBI and Australian Federal Police on the cyber gang’s conduct.
Cyber professionals and security officials have long raised concerns about Russian officers moonlighting for cybercriminal gangs, but the international investigators’ new report suggests the hacking operations are more coordinated than previously known.
“Evil Corp held a privileged position, and the relationship between the Russian state and this cybercriminal group went far beyond the typical state-criminal relationship of protection, payoffs and racketeering,” the report said. “In fact, prior to 2019, Evil Corp were tasked by Russian Intelligence Services to conduct cyber-attacks and espionage operations against NATO allies.”
The British, Australian police, and FBI identified Evil Corp leader Maksim Yakubets, who was sanctioned by the U.S. in 2019, as the group’s main contact with Moscow. The investigators said he worked to develop relationships with officials for Russia’s FSB, SVR, and GRU intelligence agencies.
“Evil Corp’s story is a prime example of the evolving threat posed by cybercriminals and ransomware operators,” the investigators’ report said. “In their case, the activities of the Russian state played a particularly significant role, sometimes even co-opting this cybercrime group for its own malicious cyber activity.”
Amid an onslaught of ransomware hammering American businesses in 2021, President Biden drew red lines around critical infrastructure networks in a warning to Russian President Vladimir Putin. But ransomware attacks emanating from Russia have continued to hit U.S. businesses in the ensuing years.
The international crackdown coincided with the U.S.-hosted Counter Ransomware Initiative Summit, a multinational effort to combat cyberattackers organized by the U.S. government.
“The United States will continue to work with our allies and partners to counter the threats posed by ransomware actors,” State Department spokesman Matthew Miller said in a statement. “We will not waver in our commitment to safeguard our businesses and citizens from cybercriminal groups that seek to profit from the suffering of their victims.”
• Ryan Lovelace can be reached at rlovelace@washingtontimes.com.
Please read our comment policy before commenting.