US Government agencies have offered a $5 million reward for information leading to the arrest of the leader of the cyber-crime group Evil Corp.
Evil Corp's alleged leader Maksim V Yakubets and administrator Igor Turashev have been charged in a 10-count indictment, including bank fraud, conspiracy, computer hacking and wire fraud.
The Russian nationals run a decade-spanning criminal network that has looted the accounts of customers and businesses in the UK and the US to the tune of at least $100 million. The group is behind the Dridex malware and its variants which uses compromised credentials to fraudulently transfer funds from victims’ bank accounts. As of 2016, Evil Corp had harvested banking credentials from customers at approximately 300 banks and financial institutions in over 40 countries.
Co-ordinated international action to shut down Evil Corp botnets have so far had limited success. The UK's National Crime Agency and the US crime fighting agency agency FBI in 2015 briefly disabled the Dridex botnet. Within weeks Evil Corp were able to adapt the malware and infrastructure to resume criminal activities. In the same year, another operation led to the arrest of Andrey Ghinkul, a Dridex distributor known as ‘Smilex’.
Investigations in the UK by the NCA and the Metropolitan Police have also targeted Yakubets’ network of money launderers who have funnelled profits back to Evil Corp. Eight people have been sentenced to a total of over 40 years in prison.
Yakubets, who drives a customised Lamborghini supercar with a personalised number plate that translates to ‘Thief’ and spent over a quarter of a million pounds on his wedding, is now subject to a $5 million US State Department reward - the largest ever reward offered for a cyber criminal.
Lynne Owens, director general of the NCA, says: “The significance of this group of cyber criminals is hard to overstate; they have been responsible for campaigns targeting our financial structures with multiple strains of malware over the last decade. We are unlikely to ever know the full cost, but the impact on the UK alone is assessed to run into the hundreds of millions.
“It is our assessment that Maksim Yakubets and Evil Corp - the cyber crime group he controls - represent the most significant cyber crime threat to the UK.".