Who is Evil Corp?
Evil Corp, also known as Indrik Spider, stands as a prominent example of a sophisticated cybercrime organization. Operating for over a decade, they have inflicted substantial financial damage on a global scale, targeting various sectors, including healthcare, critical infrastructure, and government institutions. This article will explore the rise, fall, and lasting impact of this notorious cybercrime group.
The Early Days of Evil Corp
Evil Corp’s roots can be traced back to Russia, where its founder, Maksim Yakubets, also known by his alias “Aqua,” established the group. What set Evil Corp apart from other online criminal enterprises was its family-centric approach. Maksim involved his father, Viktor, who had a history in financial crime, along with his brother Artem and cousins Kirill and Dmitry Slobodskoy. This familial connection contributed to their expertise in laundering illicit proceeds.
Evil Corp’s Modus Operandi: From Dridex to Ransomware
Evil Corp’s early activities focused on developing and deploying the Dridex banking malware. Launched in 2014, Dridex quickly gained notoriety as one of the most successful banking malware strains. Similar to modern Ransomware-as-a-Service (RaaS) models, Evil Corp leased the Dridex botnet to other cybercriminals.
By 2017, Evil Corp shifted its focus to ransomware attacks, utilizing Dridex to deliver BitPaymer ransomware. Their targets included high-value organizations, a tactic known as “big game hunting.” Internal disputes and pressure from law enforcement led to a split within the group in 2019. Igor Turashev, a key member, departed to develop the DoppelPaymer ransomware. The remaining members, led by Yakubets and his close associate Aleksandr Ryzhenkov, created and deployed the WastedLocker ransomware.
Evil Corp’s Ties to the Russian Government
What made Evil Corp particularly formidable were their reported ties to the Russian government. While many cybercriminal groups operate with tacit state protection, Evil Corp’s relationship with Russian intelligence agencies went a step further.
Maksim Yakubets, in his leadership role, cultivated relationships with various Russian intelligence officials. His father-in-law, Eduard Benderskiy, a former high-ranking FSB officer, played a crucial role in facilitating these connections. Reports suggest that Evil Corp conducted cyberattacks and espionage activities against NATO allies at the behest of Russian intelligence services.
International Efforts to Disrupt Evil Corp
The year 2019 marked a turning point for Evil Corp. The U.S. Treasury Department, in collaboration with the UK’s National Crime Agency (NCA), imposed sanctions on Evil Corp and indicted several members. The U.S. Department of Justice offered a $5 million reward for information leading to Yakubets’ arrest, the largest bounty ever placed on a cybercriminal.
These actions disrupted Evil Corp’s operations and forced them to adapt. They abandoned the use of Dridex and shifted to SocGholish, an initial access tool. However, despite their efforts to obfuscate their activities, cybersecurity researchers attributed the WastedLocker ransomware to the group.
Evil Corp’s Evolution and Continued Threat
Despite setbacks, Evil Corp has demonstrated remarkable resilience. They continue to evolve their tactics and diversify their activities. Some members have been linked to the deployment of other ransomware strains, including LockBit. Aleksandr Ryzhenkov, considered Yakubets’s right-hand man, was identified as a LockBit affiliate by the NCA.
In conclusion, the story of Evil Corp exemplifies the growing threat of sophisticated cybercrime organizations, particularly those operating with state support. Their ability to adapt, evolve, and forge powerful connections makes them a persistent threat in the ever-changing landscape of cybercrime.