The U.S. Department of Justice and the U.S. Treasury have launched major coordinated actions against Evil Corp, a Russia-based cybercrime organization long known for creating and deploying malware that has siphoned off more than $100 million from financial institutions in at least 40 countries. Evidence shows the group functions much like a family business, with several relatives playing central roles.

Key Developments

  1. Extensive Sanctions:
    The Treasury’s Office of Foreign Assets Control (OFAC) has formally sanctioned a wide network of individuals and companies tied to Evil Corp.
  2. Global Coordination:
    The United States acted in tandem with authorities in the United Kingdom and Australia, reflecting a broad international effort to curb the group’s operations.
  3. Links to the Russian State:
    Investigators have connected Evil Corp’s leadership to Russia’s Federal Security Service (FSB), raising concerns about state protection or cooperation.
  4. Asset Freeze:
    All U.S.-based property belonging to sanctioned persons and entities has been seized or blocked.

Leadership and Key Figures

  1. Maksim Yakubets – Widely recognized as the group’s leader; believed to maintain ties with the FSB.
  2. Igor Turashev – A central operator behind the Dridex malware infrastructure.
  3. Denis Gusev – Senior associate overseeing six affiliated companies.
  4. Viktor Grigoryevich Yakubets – Maksim’s father, accused of handling illicit funds.
  5. Sergey Yakubets – Maksim’s brother and contributor to group operations.
  6. Eduard Benderskiy – Former FSB officer and Maksim Yakubets’ father-in-law.
  7. Aleksandr Viktorovich Ryzhenkov – Key developer of advanced ransomware variants; recently indicted in the U.S. for attacks using the BitPaymer strain.
  8. Sergey Viktorovich Ryzhenkov – Brother of Aleksandr and active in malware engineering.

Other Significant Members


Front Companies and Related Entities

Evil Corp has relied on several businesses—often nominally legitimate—to support and conceal its operations:

  1. Biznes-Stolitsa, OOO
  2. Optima, OOO
  3. Treid-Invest, OOO
  4. TSAO, OOO
  5. Vertikal, OOO
  6. Yunikom, OOO

How Evil Corp Operates

The group runs a professionalized cybercrime infrastructure involving:

  1. Phishing Campaigns: Malicious emails are used to distribute the Dridex trojan and BitPaymer ransomware.
  2. Credential Theft: Compromised systems allow attackers to harvest banking and login data.
  3. Unauthorized Transfers: Stolen credentials are used to move funds into controlled accounts.
  4. Money Mule Networks: A global network of intermediaries helps launder and disperse the stolen funds.

Family Ties and Internal Structure

Evil Corp operates with an internal hierarchy built around family relationships, which appears to enhance its stability and operational secrecy:

This tight-knit structure helps shield the group from infiltration and strengthens its resilience against law enforcement.


Call for Information

FinTelegram encourages whistleblowers or individuals with inside knowledge about Evil Corp, its members, or its associated businesses to come forward. We are particularly seeking details about:

Information can be shared securely through our confidential whistleblower platform Whistle42. Protecting your anonymity remains our highest priority.

Every credible tip helps strengthen global efforts to dismantle sophisticated cybercrime networks and safeguard international financial systems.
