The United States Is Taking Additional Action Against Russia-Based Cybercrime Group Evil Corp by Identifying and Sanctioning Additional Members and Affiliates
WASHINGTON — Today, the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) is appointing seven individuals and two entities associated with the Russia-based cybercrime group Evil Corp as part of a trilateral lawsuit with the Office of Foreign Affairs. Commonwealth and Development Services of the United Kingdom (FCDO) and the Australian Department of Foreign Affairs and Trade (DFAT). On December 5, 2019, OFAC sanctioned Evil Corp, its leader and founder, Maxim Viktorovich Yakubets, and more than a dozen Evil Corp members, facilitators, and affiliates pursuant to Executive Order (E.O.) 13694, as amended by E.O. 13757 ("E.O. 13694, as amended"). The United Kingdom and Australia are simultaneously appointing individuals associated with Evil Corp designated by OFAC today or in 2019. In addition, the U.S. Department of Justice has unsealed an indictment accusing one member of Evil Corp in connection with his use of the BitPaymer ransomware targeting victims in the United States. Today's appointment also coincides with the second day of the U.S. Anti-Ransomware Initiative Summit, which brings together more than 50 countries working together to counter the ransomware threat.
"Today's tripartite action underscores our collective commitment to defend against cybercriminals like ransomware that seek to undermine our critical infrastructure and threaten our citizens," said Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence Bradley T. Smith. "The United States, in close coordination with our allies and partners, including through the Counter Ransomware Initiative, will continue to expose and disrupt criminal networks that seek to personally profit from the pain and suffering of their victims."
Evil Corp is a Russia-based cybercriminal organization responsible for the development and distribution of the Dridex malware. Evil Corp used the Dridex malware to infect computers and obtain login credentials for hundreds of banks and other financial institutions in more than 40 countries, resulting in more than $100 million in theft losses and damages suffered by U.S. and international financial institutions and their customers. Simultaneously with the December 2019 OFAC sanctions, the U.S. Department of Justice indicted Maxim and Evil Corp administrator Igor Turashev on criminal charges related to computer hacking and bank fraud schemes, and the U.S. State Department's Transnational Organized Crime Encouragement Program issued up to $5 million in information rewards, leading to Maxim's capture and/or conviction.
In addition, Maxim used his job at the Russian National Engineering Corporation (NIK) as a cover for his ongoing criminal activities related to Evil Corp. NIK was founded by Igor Yuryevich Chayka, the son of Russian Security Council member Yuri Chaika, and his associate Alexei Valerievich Troshin. In October 2022yes, OFAC has included Chaika, Troshin, and NIKA in accordance with EO 14024.
Members and affiliates of Evil Corp.
Eduard Benderskiy, a former special forces officer of the Russian Federal Security Service (FSB) who appears under multiple OFAC sanctions, a current Russian businessman, and the father-in-law of Evil Corp leader Maxim Viktorovich Yakubets (Maksim), has been a key factor in Evil Corp's relationship with the Russian state. Bendersky used his status and contacts to help develop Evil Corp's relationship with Russian intelligence officials. Following the sanctions and indictments against Evil Corp and Maxim in December 2019, Bendersky used his extensive influence to protect the group.
Although Bendersky does not have an official position in the Russian government, he poses as an aide to the Russian Duma. Around 2017, one of Bendersky's private security firms was involved in securing facilities in Iraq operated by the Russian oil company OAO Lukoil. The same private security firm has been praised by the FSB, the Russian Foreign Ministry, the Russian Duma and other Russian government bodies.
Since at least 2016, Maxim has had business contacts with Alexander Tikhonov (Tikhonov), the former commander of the FSB Special Forces Center, Russian government executives, including OFAC appointees Dmitry Kozak and Gleb Khor and heads of prominent Russian banks such as OFAC appointee Herman Gref (Gref), CEO of Sberbank. In 2019, Bendersky used his connections to facilitate a business deal that included Maxim and Kozak, which they believed would earn tens of millions of dollars a month. In the same year, Bendersky held a meeting with Maxim and Gref to discuss business contracts with NIK.
Following the sanctions and indictments against Evil Corp and Maxim in December 2019, Maxim turned to Bendersky for advice. Bendersky has used his extensive influence to protect the group, including his son-in-law, both by ensuring the safety of high-ranking members and by ensuring that they are not harassed by Russian domestic authorities.
OFAC appointed Bendersky pursuant to E.O. 14024 for being owned or controlled by, or acting or purporting to act on, directly or indirectly, the Government of the Russian Federation, and pursuant to E.O. 13694, as amended, for materially assisting, sponsoring, or providing financial, material, or technological support, goods, or services in support of Maxim, a person whose property and property interests are blocked in accordance with the Law. to E.O. 13694, as amended.
Bendersky is the CEO, founder and 100% owner of Russian consulting companies in the field of business and management Vympel-Assistance LLC and Solar-Invest LLC. OFAC listed Vimpel-Assistance LLC and Solar-Invest LLC pursuant to E.O. 14024 and E.O. 13694, as amended, for being owned or controlled by, or acting or purporting to act on behalf of, directly or indirectly, Bendersky, a person whose property and interests in property are blocked in theE.O. 14024 and E.O. 13694, as amended.
Victor Grigorievich Yakubets (Victor) is Maxim's father and a member of Evil Corp. In 2020, Victor likely purchased technical equipment to facilitate the activities of Evil Corp. OFAC appointed Victor pursuant to E.O. 13694, as amended, for providing material assistance, sponsoring, or providing financial, material, or technological support, goods, or services in support of Evil Corp, persons whose property and interests in property are blocked in accordance with E.O. 13694, as amended.
Maxim was careful to introduce different members of the group to different areas of business, but he trusted his longtime partner and deputy, Aleksandr Ryzhenkov. Maxim started working with Alexander Ryzhenkov around 2013, when they were both still involved in the Business Club group. In 2016, Alexander Ryzhenkov, who is associated with the online alias "Gester" (a pseudonym he used to conduct operations on behalf of Evil Corp), attempted to acquire internet bots as part of an Evil Corp operation targeting targets based in Switzerland. Since at least mid-2017, Alexander Ryzhenkov has been Maxim's interlocutor with most of the members of Evil Corp and oversaw the operations of the cybercriminal group. In mid-2017, Alexander Ryzhenkov became a target for a bank located in New York. Following the sanctions and indictment in December 2019, Maxim and Alexander Ryzhenkov returned to operations targeting victims in the United States. In 2020, Alexander Ryzhenkov worked with Maxim on the development of "Dridex 2.0".
Sergey Ryzhenkov, Alexey Evgenievich Shchetinin (Shetinin), Beyat Enverovich Ramazanov and Vadim Gennadievich Pogodin are members of Evil Corp who have provided general support for the activities of the cybercriminal group.
In 2019, Sergey Ryzhenkov, brother of Alexander Ryzhenkov, helped move Evil Corp's operations to a new office. In 2020, after the imposition of sanctions against Evil Corp and the filing of an indictment, Sergey Ryzhenkov helped Alexander Ryzhenkov and Maxim develop the "Dridex 2.0" malware. From 2017 to at least 2018, Shchetinin worked with several other members of Evil Corp, including Denis Igorevich Gusev, Dmitry Konstantinovich Smirnov, and Alexei Bashlikov, to buy and exchange millions of dollars worth of virtual and fiat currencies. In early 2020, Pogodin played a crucial role in the Evil Corp ransomware attack, and in mid-2020, he facilitated the Evil Corp ransomware attack on the American company.
OFAC has designated Alexander Ryzhenkov, Sergey Ryzhenkov, Shchetinin, Ramazanov, and Pogodin pursuant to E.O. 13694, as amended, for providing material assistance, sponsoring, or providing financial, material, or technological support, goods, or services in support of Evil Corp, individuals whose property and interests in property are blocked pursuant to E.O. 13694, as amended.
In addition to today's sanctions, the U.S. Department of Justice has released an indictment indicting Alexander RyzhIn the United States, the company has been able to use the BitPaymer Ransomware to prosecute numerous victims throughout the United States. Alexander Ryzhenkov used various methods to invade computer systems and used his illegally obtained access to demand millions of dollars in ransom. The Federal Bureau of Investigation has published a wanted listing for Alexander Ryzhenkov for his alleged involvement in ransomware attacks and money laundering. Also today, the United Kingdom listed 15 and Australia listed three members and affiliates of Evil Corp.
Source
BENDERSKIY, Eduard Vitalyevich (a.k.a. BENDERSKI, Eduard Vitalevich; a.k.a. BENDERSKII, Eduard Vitalyevich; a.k.a. BENDERSKY, Eduard Vitalevich), Russia; DOB 25 Jun 1970; nationality Russia; citizen Russia; Gender Male; Secondary sanctions risk: See Section 11 of Executive Order 14024.; Tax ID No. 500103441868 (Russia) (individual) [CYBER2] [RUSSIA-EO14024] (Linked To: YAKUBETS, Maksim Viktorovich).
POGODIN, Vadim Gennadievich (Cyrillic: POGODIN, Vadim Gennadievich) (a.k.a. "BIBA"; a.k.a. "SHGRYUV"), Moscow, Russia; DOB 19 Mar 1986; POB Moscow, Russia; nationality Russia; Gender Male; Passport 642774845 (Russia); National ID No. 4508703790 (Russia) (individual) [CYBER2] (Linked To: EVIL CORP).
RAMAZANOV, Beyat Enverovich (Cyrillic: RAMAZANOV, Beyat Enverovich) (a.k.a. RAMAZANOV, Beiat (Cyrillic: RAMAZANOV, Beyat)), Moscow, Russia; DOB 05 Jan 1988; POB Moscow, Russia; nationality Russia; Gender Male; Passport 735947775 (Russia); alt. Passport 641209339 (Russia); National ID No. 4509701463 (Russia); Tax ID No. 77017321838 (Russia) (individual) [CYBER2] (Linked To: EVIL CORP).
RYZHENKOV, Aleksandr Viktorovich (a.k.a. "CHERDAKMUDAK"; a.k.a. "GUESTER"; a.k.a. "MALOY, Sanya"; a.k.a. "MALOY, Sasha"), Russia; DOB 26 May 1993; nationality Russia; Gender Male; Passport 643501126 (Russia) (individual) [CYBER2] (Linked To: EVIL CORP).
RYZHENKOV, Sergey Viktorovich (a.k.a. "MALOY, Serega"; a.k.a. "POCH"; a.k.a. "STEN"), Moscow, Russia; DOB 15 Feb 1989; POB Uzbekistan; nationality Russia; Gender Male; Passport 712199247 (Russia); National ID No. 3609048460 (Russia) (individual) [CYBER2] (Linked To: EVIL CORP).
SHCHETININ, Aleksey Yevgenevich (a.k.a. SCHETININ, Alex; a.k.a. SHCHETININ, Alexey; a.k.a. "SHCHETININ, Lesha"), Russia; DOB 22 Aug 1987; nationality Russia; Gender Male; Passport 760960574 (Russia); alt. Passport 713133176 (Russia); National ID No. 4509396564 (Russia) (individual) [CYBER2] (Linked To: EVIL CORP).
SUISSA, Avichai (Hebrew: אביחי סוויסה) (a.k.a. SVISA, Avihai), Yishuv HaDa'at, West Bank; DOB 01 Jul 1986; nationality Israel; Gender Male; National ID No. 038172441 (Israel) (individual) [WEST-BANK-EO14115].
YAKUBETS, Viktor Grigoryevich (a.k.a. YAKUBETS, Victor), Russia; DOB 19 Feb 1964; nationality Russia; Gender Male (individual) [CYBER2] [RUSSIA-EO14024] (Linked To: EVIL CORP).
YARDENI, Eitan (Hebrew: איתן ירדני), Ma'on Farm Outpost, West Bank; DOB 06 Jun 2001; nationality Israel; Gender Male; National ID No. 212076517 (Israel) (individual) [WEST-BANK-EO14115].
Source
In the United States, a Russian was charged with using BitPaymer malware
Charges have been brought against Russian citizen Alexander Ryzhenkov in the case of using the BitPaymer ransomware to steal confidential data of residents of Texas and other states in order to further obtain funds, the US Department of Justice said in a statement.
According to the indictment, since at least June 2017, Ryzhenkov allegedly gained unauthorized access to information stored in the victims' computer networks.
According to the U.S. Attorney's Office, Ryzhenkov and his accomplices used a strain of ransomware known as BitPaymer to encrypt the victims' files, thereby denying them access to the data.
After that, the victims' computers received emails containing ransom demands and instructions on how to contact the attackers to start appropriate negotiations.
According to the prosecution, Ryzhenkov and his accomplices allegedly demanded that the victims pay a ransom in order to receive the decryption key and prevent the disclosure of their confidential information on the Internet.
The indictment also alleges that Ryzhenkov and others used a variety of methods to infiltrate computer systems, including phishing campaigns, malware, and vulnerabilities in computer hardware and software.
The total amount of damage to the victims of the actions of Ryzhenkov and his alleged accomplices is "millions of dollars," the US Department of Justice said in a statement.
In connection with the publication of the indictment, the Office of Foreign Assets Control of the US Department of the Treasury announced that Ryzhenkov, who is allegedly currently in Russia, was included in the list of specially designated citizens.
This sanction blocks the property and interests of the relevant person in the United States, and prohibits US financial institutions from participating in certain transactions and conducting operations involving such a person, the Department of Justice emphasizes.
• Source: https://www.justice.gov/opa/pr/russian-national-indicted-series-ransomware-attacks
• Source: https://www.fbi.gov/wanted/cyber/aleksandr-ryzhenkov
• Source: https://storage.courtlistener.com/recap/gov.uscourts.txnd.374544/gov.uscourts.txnd.374544.1.0.pdf
WASHINGTON — Today, the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) is appointing seven individuals and two entities associated with the Russia-based cybercrime group Evil Corp as part of a trilateral lawsuit with the Office of Foreign Affairs. Commonwealth and Development Services of the United Kingdom (FCDO) and the Australian Department of Foreign Affairs and Trade (DFAT). On December 5, 2019, OFAC sanctioned Evil Corp, its leader and founder, Maxim Viktorovich Yakubets, and more than a dozen Evil Corp members, facilitators, and affiliates pursuant to Executive Order (E.O.) 13694, as amended by E.O. 13757 ("E.O. 13694, as amended"). The United Kingdom and Australia are simultaneously appointing individuals associated with Evil Corp designated by OFAC today or in 2019. In addition, the U.S. Department of Justice has unsealed an indictment accusing one member of Evil Corp in connection with his use of the BitPaymer ransomware targeting victims in the United States. Today's appointment also coincides with the second day of the U.S. Anti-Ransomware Initiative Summit, which brings together more than 50 countries working together to counter the ransomware threat.
"Today's tripartite action underscores our collective commitment to defend against cybercriminals like ransomware that seek to undermine our critical infrastructure and threaten our citizens," said Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence Bradley T. Smith. "The United States, in close coordination with our allies and partners, including through the Counter Ransomware Initiative, will continue to expose and disrupt criminal networks that seek to personally profit from the pain and suffering of their victims."
Evil Corp is a Russia-based cybercriminal organization responsible for the development and distribution of the Dridex malware. Evil Corp used the Dridex malware to infect computers and obtain login credentials for hundreds of banks and other financial institutions in more than 40 countries, resulting in more than $100 million in theft losses and damages suffered by U.S. and international financial institutions and their customers. Simultaneously with the December 2019 OFAC sanctions, the U.S. Department of Justice indicted Maxim and Evil Corp administrator Igor Turashev on criminal charges related to computer hacking and bank fraud schemes, and the U.S. State Department's Transnational Organized Crime Encouragement Program issued up to $5 million in information rewards, leading to Maxim's capture and/or conviction.
In addition, Maxim used his job at the Russian National Engineering Corporation (NIK) as a cover for his ongoing criminal activities related to Evil Corp. NIK was founded by Igor Yuryevich Chayka, the son of Russian Security Council member Yuri Chaika, and his associate Alexei Valerievich Troshin. In October 2022yes, OFAC has included Chaika, Troshin, and NIKA in accordance with EO 14024.
Members and affiliates of Evil Corp.
Eduard Benderskiy, a former special forces officer of the Russian Federal Security Service (FSB) who appears under multiple OFAC sanctions, a current Russian businessman, and the father-in-law of Evil Corp leader Maxim Viktorovich Yakubets (Maksim), has been a key factor in Evil Corp's relationship with the Russian state. Bendersky used his status and contacts to help develop Evil Corp's relationship with Russian intelligence officials. Following the sanctions and indictments against Evil Corp and Maxim in December 2019, Bendersky used his extensive influence to protect the group.
Although Bendersky does not have an official position in the Russian government, he poses as an aide to the Russian Duma. Around 2017, one of Bendersky's private security firms was involved in securing facilities in Iraq operated by the Russian oil company OAO Lukoil. The same private security firm has been praised by the FSB, the Russian Foreign Ministry, the Russian Duma and other Russian government bodies.
Since at least 2016, Maxim has had business contacts with Alexander Tikhonov (Tikhonov), the former commander of the FSB Special Forces Center, Russian government executives, including OFAC appointees Dmitry Kozak and Gleb Khor and heads of prominent Russian banks such as OFAC appointee Herman Gref (Gref), CEO of Sberbank. In 2019, Bendersky used his connections to facilitate a business deal that included Maxim and Kozak, which they believed would earn tens of millions of dollars a month. In the same year, Bendersky held a meeting with Maxim and Gref to discuss business contracts with NIK.
Following the sanctions and indictments against Evil Corp and Maxim in December 2019, Maxim turned to Bendersky for advice. Bendersky has used his extensive influence to protect the group, including his son-in-law, both by ensuring the safety of high-ranking members and by ensuring that they are not harassed by Russian domestic authorities.
OFAC appointed Bendersky pursuant to E.O. 14024 for being owned or controlled by, or acting or purporting to act on, directly or indirectly, the Government of the Russian Federation, and pursuant to E.O. 13694, as amended, for materially assisting, sponsoring, or providing financial, material, or technological support, goods, or services in support of Maxim, a person whose property and property interests are blocked in accordance with the Law. to E.O. 13694, as amended.
Bendersky is the CEO, founder and 100% owner of Russian consulting companies in the field of business and management Vympel-Assistance LLC and Solar-Invest LLC. OFAC listed Vimpel-Assistance LLC and Solar-Invest LLC pursuant to E.O. 14024 and E.O. 13694, as amended, for being owned or controlled by, or acting or purporting to act on behalf of, directly or indirectly, Bendersky, a person whose property and interests in property are blocked in theE.O. 14024 and E.O. 13694, as amended.
Victor Grigorievich Yakubets (Victor) is Maxim's father and a member of Evil Corp. In 2020, Victor likely purchased technical equipment to facilitate the activities of Evil Corp. OFAC appointed Victor pursuant to E.O. 13694, as amended, for providing material assistance, sponsoring, or providing financial, material, or technological support, goods, or services in support of Evil Corp, persons whose property and interests in property are blocked in accordance with E.O. 13694, as amended.
Maxim was careful to introduce different members of the group to different areas of business, but he trusted his longtime partner and deputy, Aleksandr Ryzhenkov. Maxim started working with Alexander Ryzhenkov around 2013, when they were both still involved in the Business Club group. In 2016, Alexander Ryzhenkov, who is associated with the online alias "Gester" (a pseudonym he used to conduct operations on behalf of Evil Corp), attempted to acquire internet bots as part of an Evil Corp operation targeting targets based in Switzerland. Since at least mid-2017, Alexander Ryzhenkov has been Maxim's interlocutor with most of the members of Evil Corp and oversaw the operations of the cybercriminal group. In mid-2017, Alexander Ryzhenkov became a target for a bank located in New York. Following the sanctions and indictment in December 2019, Maxim and Alexander Ryzhenkov returned to operations targeting victims in the United States. In 2020, Alexander Ryzhenkov worked with Maxim on the development of "Dridex 2.0".
Sergey Ryzhenkov, Alexey Evgenievich Shchetinin (Shetinin), Beyat Enverovich Ramazanov and Vadim Gennadievich Pogodin are members of Evil Corp who have provided general support for the activities of the cybercriminal group.
In 2019, Sergey Ryzhenkov, brother of Alexander Ryzhenkov, helped move Evil Corp's operations to a new office. In 2020, after the imposition of sanctions against Evil Corp and the filing of an indictment, Sergey Ryzhenkov helped Alexander Ryzhenkov and Maxim develop the "Dridex 2.0" malware. From 2017 to at least 2018, Shchetinin worked with several other members of Evil Corp, including Denis Igorevich Gusev, Dmitry Konstantinovich Smirnov, and Alexei Bashlikov, to buy and exchange millions of dollars worth of virtual and fiat currencies. In early 2020, Pogodin played a crucial role in the Evil Corp ransomware attack, and in mid-2020, he facilitated the Evil Corp ransomware attack on the American company.
OFAC has designated Alexander Ryzhenkov, Sergey Ryzhenkov, Shchetinin, Ramazanov, and Pogodin pursuant to E.O. 13694, as amended, for providing material assistance, sponsoring, or providing financial, material, or technological support, goods, or services in support of Evil Corp, individuals whose property and interests in property are blocked pursuant to E.O. 13694, as amended.
In addition to today's sanctions, the U.S. Department of Justice has released an indictment indicting Alexander RyzhIn the United States, the company has been able to use the BitPaymer Ransomware to prosecute numerous victims throughout the United States. Alexander Ryzhenkov used various methods to invade computer systems and used his illegally obtained access to demand millions of dollars in ransom. The Federal Bureau of Investigation has published a wanted listing for Alexander Ryzhenkov for his alleged involvement in ransomware attacks and money laundering. Also today, the United Kingdom listed 15 and Australia listed three members and affiliates of Evil Corp.
Source
BENDERSKIY, Eduard Vitalyevich (a.k.a. BENDERSKI, Eduard Vitalevich; a.k.a. BENDERSKII, Eduard Vitalyevich; a.k.a. BENDERSKY, Eduard Vitalevich), Russia; DOB 25 Jun 1970; nationality Russia; citizen Russia; Gender Male; Secondary sanctions risk: See Section 11 of Executive Order 14024.; Tax ID No. 500103441868 (Russia) (individual) [CYBER2] [RUSSIA-EO14024] (Linked To: YAKUBETS, Maksim Viktorovich).
POGODIN, Vadim Gennadievich (Cyrillic: POGODIN, Vadim Gennadievich) (a.k.a. "BIBA"; a.k.a. "SHGRYUV"), Moscow, Russia; DOB 19 Mar 1986; POB Moscow, Russia; nationality Russia; Gender Male; Passport 642774845 (Russia); National ID No. 4508703790 (Russia) (individual) [CYBER2] (Linked To: EVIL CORP).
RAMAZANOV, Beyat Enverovich (Cyrillic: RAMAZANOV, Beyat Enverovich) (a.k.a. RAMAZANOV, Beiat (Cyrillic: RAMAZANOV, Beyat)), Moscow, Russia; DOB 05 Jan 1988; POB Moscow, Russia; nationality Russia; Gender Male; Passport 735947775 (Russia); alt. Passport 641209339 (Russia); National ID No. 4509701463 (Russia); Tax ID No. 77017321838 (Russia) (individual) [CYBER2] (Linked To: EVIL CORP).
RYZHENKOV, Aleksandr Viktorovich (a.k.a. "CHERDAKMUDAK"; a.k.a. "GUESTER"; a.k.a. "MALOY, Sanya"; a.k.a. "MALOY, Sasha"), Russia; DOB 26 May 1993; nationality Russia; Gender Male; Passport 643501126 (Russia) (individual) [CYBER2] (Linked To: EVIL CORP).
RYZHENKOV, Sergey Viktorovich (a.k.a. "MALOY, Serega"; a.k.a. "POCH"; a.k.a. "STEN"), Moscow, Russia; DOB 15 Feb 1989; POB Uzbekistan; nationality Russia; Gender Male; Passport 712199247 (Russia); National ID No. 3609048460 (Russia) (individual) [CYBER2] (Linked To: EVIL CORP).
SHCHETININ, Aleksey Yevgenevich (a.k.a. SCHETININ, Alex; a.k.a. SHCHETININ, Alexey; a.k.a. "SHCHETININ, Lesha"), Russia; DOB 22 Aug 1987; nationality Russia; Gender Male; Passport 760960574 (Russia); alt. Passport 713133176 (Russia); National ID No. 4509396564 (Russia) (individual) [CYBER2] (Linked To: EVIL CORP).
SUISSA, Avichai (Hebrew: אביחי סוויסה) (a.k.a. SVISA, Avihai), Yishuv HaDa'at, West Bank; DOB 01 Jul 1986; nationality Israel; Gender Male; National ID No. 038172441 (Israel) (individual) [WEST-BANK-EO14115].
YAKUBETS, Viktor Grigoryevich (a.k.a. YAKUBETS, Victor), Russia; DOB 19 Feb 1964; nationality Russia; Gender Male (individual) [CYBER2] [RUSSIA-EO14024] (Linked To: EVIL CORP).
YARDENI, Eitan (Hebrew: איתן ירדני), Ma'on Farm Outpost, West Bank; DOB 06 Jun 2001; nationality Israel; Gender Male; National ID No. 212076517 (Israel) (individual) [WEST-BANK-EO14115].
Source
In the United States, a Russian was charged with using BitPaymer malware
Charges have been brought against Russian citizen Alexander Ryzhenkov in the case of using the BitPaymer ransomware to steal confidential data of residents of Texas and other states in order to further obtain funds, the US Department of Justice said in a statement.
According to the indictment, since at least June 2017, Ryzhenkov allegedly gained unauthorized access to information stored in the victims' computer networks.
According to the U.S. Attorney's Office, Ryzhenkov and his accomplices used a strain of ransomware known as BitPaymer to encrypt the victims' files, thereby denying them access to the data.
After that, the victims' computers received emails containing ransom demands and instructions on how to contact the attackers to start appropriate negotiations.
According to the prosecution, Ryzhenkov and his accomplices allegedly demanded that the victims pay a ransom in order to receive the decryption key and prevent the disclosure of their confidential information on the Internet.
The indictment also alleges that Ryzhenkov and others used a variety of methods to infiltrate computer systems, including phishing campaigns, malware, and vulnerabilities in computer hardware and software.
The total amount of damage to the victims of the actions of Ryzhenkov and his alleged accomplices is "millions of dollars," the US Department of Justice said in a statement.
In connection with the publication of the indictment, the Office of Foreign Assets Control of the US Department of the Treasury announced that Ryzhenkov, who is allegedly currently in Russia, was included in the list of specially designated citizens.
This sanction blocks the property and interests of the relevant person in the United States, and prohibits US financial institutions from participating in certain transactions and conducting operations involving such a person, the Department of Justice emphasizes.
• Source: https://www.justice.gov/opa/pr/russian-national-indicted-series-ransomware-attacks
• Source: https://www.fbi.gov/wanted/cyber/aleksandr-ryzhenkov
• Source: https://storage.courtlistener.com/recap/gov.uscourts.txnd.374544/gov.uscourts.txnd.374544.1.0.pdf
