According to Winfuture, Russian ransomware groups have found a safe place in their home country, where they can act without fear of law action from other states. This has made Russia a hub for cybercrime. But it doesn’t stop there. These hackers now seem to be in close contact with their government, helping it with secret jobs.
Evil Corp: A Notorious Crime Group
Bloomberg reports that one of the most well-known Russian ransomware groups is Evil Corp. This group has made headlines many times, not just for its bold attacks but also for its ties to Russia’s state groups. Evil Corp has a long list of crimes under its name, but in recent times, it has been accused of doing much more. Bloomberg reports that the group is now working directly with state forces to hit back at other nations. These claims have been made by the British National Crime Agency (NCA), which has shared new facts on Evil Corp’s deeds.
The leader of Evil Corp, Maksim Jakubetz, is known not just for his hacking skills but also for his flashy lifestyle. He drives a Lamborghini, showing off the huge sums of cash the group has made over the years. Before 2019, Jakubetz’s group had already been carrying out cyber attacks on banks and other firms in many lands. The NCA believes that the group has now shifted gears and is taking part in spy tasks for the Russian Secret Services.
The Crimes of Evil Corp
Evil Corp takes a part in major money crime. In fact, there are reports that they are responsible for missing funds in over 40 countries. The US Government took action in December 2019 by placing sanctions on the group. The US believes that Jakubetz helps the Russian state by passing on secret papers.
But the crimes don’t stop at stealing cash. The NCA now claims that Jakubetz and his group have also taken part in cyber spying, aiming at NATO states. While exact facts about these attacks are not public, the group’s ties to Russia’s Secret Service show that these crimes were likely part of a bigger plan. The group have close ties to bodies such as the FSB, SWR, and GRU—all key parts of the Russian spy game.
It is worth noting that Jakubetz’s father-in-law, Eduard Benderskiy, has also played a key role in keeping the group safe from harm. Benderskiy is a past high-ranking official of the FSB, Russia’s main spy agency. His close ties to state groups have helped Evil Corp avoid the full weight of law from abroad. After the sanction on Evil Corp in 2019, there were reports that it had some shield from any local punishment in Russia, thanks to Benderski.
LockBit: Another Key Player
Jakubetz and his group are not the only players in this cybercrime ring. Another well-known group in this field is LockBit, which has also made headlines for its attacks on big firms like Boeing and the British Royal Mail. One of the key members of Evil Corp, Aleksandr Ryzhencov, also has links to LockBit.
Ryzhencov, known by the code name “Beverley,” is accused of trying to steal close to 100 million dollars. His crimes do not stop there, as he is also said to have hit 60 firms with ransomware, adding to his list of victims. LockBit itself has become one of the most active ransomware groups, known for its bold attacks. Western law forces have taken note, and in February, they made their move by shutting down LockBit’s site and exposing the identity of one of its leaders.
The good news is that LockBit and its members are now feeling the heat from law bodies in many lands. According to the NCA, there have been several arrests of suspects that have links to LockBit. In these raids, there were multiple arrests in the UK, France and Spain and the seizure of nine servers. This shows that while these groups can hide in Russia, they are still within reach of law forces elsewhere.
The Role of the Russian State
Historically, we know Russia as a jurisdiction where hackers operate with minimal apprehension of legal consequences from foreign authorities. As long as they refrain from targeting Russian enterprises or governmental institutions, these cybercriminal organizations will not face any investigation. However, what is increasingly concerning is the growing collaboration between these cybercriminal groups and state agencies such as the FSB and GRU. This development goes beyond mere financial theft or corporate disruption. These cyber syndicates are now likely instruments within Russia’s broader geopolitical strategy to retaliate against NATO and other adversarial states.
This symbiotic relationship allows these groups not only to function with impunity but also to execute missions on behalf of the state. In return, the government provides them with protection from any substantial legal repercussions within Russia. Thus, they have an ecosystem where both parties benefit. Consequently, even as law enforcement agencies in the United Kingdom, France, and other allied nations intensify their efforts to dismantle these groups, the underlying issue will persist as long as Russia continues to offer them sanctuary.
As demonstrated by groups such as Evil Corp and LockBit, these Russian ransomware groups not merely small-scale criminal operations. They are expansive, highly organized groups with government endorsement, positioning them as significant threats to corporations and governments globally. This escalating collaboration between state intelligence agencies and cybercriminal organizations is scary. It suggests that the prevalence of ransomware attacks and cyber espionage activities will continue to increase.