A programmer shows a sample of a ransomware cyberattack on a laptop in 2017. On Tuesday, the Justice Department announced that a series of political sanctions have been put on members of the Russia-based "Evil Corp" cybercriminal group and its associated businesses in coordination with Britain and Australia. Photo by Ritchie B. Tongo/EPA
Oct. 1 (UPI) -- A series of political sanctions have been put on members of the Russia-based Evil Corp cybercriminal group and its associated businesses in coordination with Britain and Australia, according to the U.S. Treasury Department.
Evil Corp is a cybercriminal organization that was responsible for developing and distributing Dridex malware, officials said.
It also was announced on Tuesday that the U.S. Department of Justice had unsealed an indictment charging one Evil Corp loyalist in connection with his alleged use of BitPaymer ransomware, which targets victims in the United States, according to a Treasury Department news release.
The United States' joint action with Britain and Australia "underscores our collective commitment to safeguard against cybercriminals like ransomware actors, who seek to undermine our critical infrastructure and threaten our citizens," Bradley Smith, Treasury's acting under secretary for terrorism and financial intelligence, said Tuesday.
The five named suspects allegedly tied to Russian cybercriminal group Evil Corp are: Eduard Benderskiy; Viktor Grigoryevich Yakubets; Aleksandr Viktorovich Ryzhenkov; Sergey Viktorovich Ryzhenkov; Aleksey Yevgenevich Shchetinin; Beyat Enverovich Ramazanov and Vadim Gennadievich Pogodin.
Also named in Tuesday's Evil Corp sanctions were two Russia-based business and management consulting companies, Vympel-Assistance LLC and Solar-Invest LLC, of which Benderskiy was the 100% owner, U.S. officials say.
In February, the U.S. Justice Department said it thwarted a Russia-backed hacking network that infiltrated hundreds of home and office Internet routers.
An affiliate of the Russian Federation's Main Intelligence Directorate (GRU), the Department of Justice said at the time, allegedly used malware to create a network of hundreds of small routers for the purpose of harvesting information from U.S. and foreign entities.
According to the department, Evil Corp is a cybercriminal organization behind the development and distribution of Dridex malware.
Evil Corp utilized the Dridex malware to infect computers and harvest login credentials from hundreds of banks and other financial institutions in more than 40 nations, Treasury added, saying it resulted "in more than $100 million in theft losses and damage suffered by U.S. and international financial institutions and their customers."
In June, the Federal Communications Commission launched a $200M pilot program aimed at tackling cybersecurity threats at schools and public libraries.
With Tuesday's U.S. sanctions designations, the Department of Justice's unsealed indictment charged Ryzhenkov with allegedly utilizing the BitPaymer ransomware tool to "target numerous victims throughout the United States," according to the government.
Tuesday's announcement by Treasury's Office of Foreign Assets Control also came on the second day of the U.S.-hosted Counter Ransomware Initiative summit, which Treasury says was a coordination of more than 50 nations working to counter the threat of ransomware cyberattacks.
The international trilateral move with the United States was a combined effort with Britain's Foreign, Commonwealth and Development Office, as well as Australia's Department of Foreign Affairs and Trade.
In 2019, the United States placed sanctions on 17 people and seven businesses associated with Evil Corp after its leaders were tied to a $100M Dridex malware scheme.
At the time, Treasury's OFAC had named and designated Evil Corp's founder and leader Maksim Viktorovich Yakubets.
The indicted and sanctioned Aleksandr Ryzhenkov, according to the U.S. government, allegedly used "a variety of methods" to hack computer systems by weaponizing his "ill-gotten access" to demand millions of ransom dollars.
Meanwhile, the sanctioned Benderskiy, an ex-Spetsnaz officer in Russia's Federal Security Service, is father-in-law to Evil Corp's leader Maksim Viktorovich Yakubets.
Treasury says while Benderskiy has no official position in the Russian government, he "portrays himself as an aide to the Russian Duma," which is the nation's legislative branch of government.
Benderskiy, the Treasury said, has been a "key enabler" of Evil Corp's relationship with the Russian government.
Benderskiy, it is alleged, leveraged his status and contacts to facilitate Evil Corp's development of relationships with officials of the Russian intelligence services. And after Evil Corp's December 2019 set of sanctions and indictments, Benderskiy "used his extensive influence to protect the group," the government claims.
The newly sanctioned Viktor Yakubets is the father of Evil Corp's founder and leader Maksim Viktorovich Yakubets.
The U.S. claims Viktor in 2020 had "likely procured technical equipment in furtherance of Evil Corp's operations."
Sergey Ryzhenkov, Aleksey Shchetinin, Beyat Ramazanov and Vadim Pogodin are, the Treasury stated, Evil Corp members who "provided general support to the cybercriminal group's activities and operations."