Russian ‘Evil Corp’ Cybercrime Group Sanctioned Following $100 Million in Ransomware Theft

7 Oct 2024

International law enforcement efforts have ramped up against Evil Corp, a notorious Russian cybercrime group accused of large-scale financial theft and ransomware attacks. Last week, authorities from the U.S., UK, and Australia imposed sanctions on key figures within the group. The U.S. Department of Justice also unsealed charges against one Evil Corp member for deploying BitPaymer ransomware in the U.S.

Evil Corp is infamous for creating and distributing Dridex malware, which has compromised computers globally, stealing login details and resulting in over $100 million in losses for banks and financial institutions in more than 40 countries. The group is deeply entrenched in Russia’s cybercrime world and has alleged links to Russian state entities.

Corey Petty, a cybersecurity expert, explained that cryptocurrency plays a crucial role in ransomware operations, providing transparency and traceability through blockchain technology. While this can help criminals, it also allows authorities to track fund movements.

A recent report from Chainalysis, dated October 3, explored the connections between Evil Corp and the cybercriminal group LockBit, revealing that both groups used the same cryptocurrency deposit addresses at centralized exchanges, indicating potential collaboration. This supports previous findings that Evil Corp may have rebranded itself through LockBit to evade sanctions. The report also uncovered that several Evil Corp members are related, pointing to close internal ties. The group’s leader, Maksim Viktorovich Yakubets, is believed to have ties with Russia’s Federal Security Service (FSB) and has sought licenses to handle classified information.

Other individuals, such as Yakubets’ father, Viktor, and his father-in-law, Eduard Benderskiy, a former FSB officer, also point to possible links between Evil Corp and Russian state agencies. The Chainalysis report noted Russia’s role in using cryptocurrency for activities such as sanctions evasion and ransomware.

In response, law enforcement agencies across several countries have coordinated actions to dismantle Evil Corp’s operations. This includes arrests of suspected members, such as a LockBit developer in France, and the seizure of ransomware infrastructure by Spanish authorities.