The United States is today taking additional action against affiliates of the Russia-based, U.S.-designated cybercrime group Evil Corp. The Department of the Treasury is designating seven individuals and two entities associated with the group. We are taking this action in coordination with the United Kingdom and Australia, who are concurrently designating select Evil Corp-affiliated individuals.
Additionally, the Department of Justice has unsealed an indictment charging one of the Evil Corp members for his use of BitPaymer ransomware targeting victims in the United States.
Today’s action coincides with the second day of the U.S.-hosted Counter Ransomware Initiative summit. The United States will continue to work with our allies and partners to counter the threats posed by ransomware actors. We will not waver in our commitment to safeguard our businesses and citizens from cybercriminal groups that seek to profit from the suffering of their victims.
Evil Corp is a Russia-based cybercriminal organization responsible for the development and distribution of the Dridex malware. Evil Corp has used the Dridex malware to infect computers and harvest login credentials from hundreds of banks and other financial institutions in over 40 countries, resulting in more than $100 million in theft losses and damage suffered by U.S. and international financial institutions and their customers. Treasury sanctioned Evil Corp, its leader/founder, Maksim Viktorovich Yakubets, and many of its members and facilitators in December 2019. Concurrently with Treasury’s December 2019 action, the Department of Justice indicted Maksim and Evil Corp administrator Igor Turashev, and the Department of State’s Transnational Organized Crime Rewards Program issued a reward for information of up to $5 million leading to the capture and/or conviction of Maksim. Treasury sanctions today were taken pursuant to Executive Order (E.O.) 14024 and E.O. 13694, as amended by E.O. 13757. For more information, see Treasury’s press release.