em360tech image

When you hear "Evil Corp ransomware", you might think of the fictional corporation from Resident Evil. However, in the world of cybersecurity, Evil Corp is a real and dangerous cybercriminal organization. Known for deploying malicious software to steal money from victims’ bank accounts and launch devastating ransomware attacks, this group has been a prime target of law enforcement for years.

Despite U.S. government sanctions and the 2019 indictment of 17 members, Evil Corp hackers remain active today. In this article, we’ll uncover their cybercriminal activities, their most notorious ransomware attacks, and essential tips on how businesses can protect themselves from Evil Corp ransomware.

What is Evil Corp?

Evil Corp is known for its involvement in large-scale financial crimes. Believed to be based in Russia, this group has been active since at least 2007, targeting organizations and individuals worldwide.

This gang is particularly known for using advanced malware to steal millions of dollars from banks, businesses, and individuals. Their attacks have caused widespread financial damage, making Evil Corp one of the most dangerous cybercriminal organisations in the world.

The group is allegedly led by Maksim Yakubets, who goes by the online pseudonym "Aqua." Yakubets is a high-profile figure in the cybercrime world and is known for his lavish lifestyle, which includes owning luxury cars and maintaining ties with influential figures.

Evil Corp's Ties to Russia

According to U.S. and U.K. authorities, Evil Corp's leader, Maksim Yakubets, has close ties to the Russian government. He allegedly offered access to the Dridex malware to a U.K. resident for $100,000 upfront, plus weekly profits. Despite sanctions, Yakubets and his group continue to wreak havoc globally.

who is evil corp

Poster provided by the U.S. Department of Justice showing Maxsim Yukabets.

The U.S. Department of Justice (DOJ) and the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) have charged Yakubets and his associates with multiple crimes, including conspiracy, wire fraud, and bank fraud.

In December 2019, the U.S. government announced a $5 million reward for information leading to Yakubets' capture, marking the highest reward ever offered for a cybercriminal.

Evil Corp Leadership

Evil Corp is one of the most notorious cybercrime organisations, known for its high scalability and adaptability, making it a leading threat to global cybersecurity. At the heart of this operation is its alleged leader, Yakubets, a Moscow native who has been instrumental in shaping Evil Corp’s influence since the early 2000s.

Initially, Yakubets managed operations involving the Zeus banking Trojan, the predecessor to the notorious Dridex malware, which has wreaked havoc on financial institutions worldwide. During this time, Yakubets was responsible for overseeing a vast network of money mules used to launder millions in stolen funds from Zeus attacks.

Under Yakubets' leadership, Evil Corp is believed to have stolen over $100 million through sophisticated bank fraud and cybercrime schemes. Some of the most notable victims include:

  • Penneco Oil Company – lost $3.5 million in two transactions.
  • Franciscan Sisters of Chicago – an order of nuns robbed of more than $24,000.
  • Arizona Beverages – lost millions in sales due to infrastructure breakdown caused by cyberattacks.

History of Evil Corp's Attacks

1. The Dridex Malware

One of Evil Corp's most notorious tools is the Dridex malware, a banking Trojan designed to steal personal banking information and credentials.

Dridex is spread primarily through phishing emails that contain malicious attachments or links. Once the malware infects a system, it can capture keystrokes, redirect web traffic, and inject malicious code into banking websites to steal login information.

This highly sophisticated malware has affected numerous financial institutions and individuals, making it one of its most dangerous threats. 

2. WastedLocker Ransomware

In addition to Dridex, Evil Corp is also associated with the WastedLocker ransomware. This ransomware encrypts the victim's files and demands a ransom in exchange for the decryption key. WastedLocker is particularly damaging because it targets large organizations, often causing significant disruption and financial losses.

The ransomware is known for its precision in targeting specific entities, often selecting high-value targets that can afford to pay large ransoms.

This calculated approach ensures that the financial impact is substantial, pushing affected companies to consider paying the ransom to regain access to their critical data quickly.

The aftermath of a WastedLocker attack can be devastating, resulting in prolonged operational downtime, loss of sensitive information, and substantial recovery costs.

This level of disruption highlights the importance of strong cybersecurity defences and comprehensive incident response plans for organisations of all sizes.

Operations and Tactics

1. Phishing Attacks

Phishing is a common tactic used by Evil Corp to distribute its malware. The group sends emails that appear to be from legitimate sources, such as banks or well-known companies. These emails contain malicious attachments or links that, when opened, install malware on the victim's computer.

2. Exploiting Software Vulnerabilities

Evil Corp also exploits vulnerabilities in software to gain access to victims' systems. They use sophisticated techniques to identify and exploit these vulnerabilities before they can be patched by software developers. This method allows them to infiltrate systems undetected and deploy their malware.

3. Malware Distribution

Once Evil Corp gains access to a system, they deploy their malware, such as Dridex or WastedLocker, to carry out their attacks. The malware can remain undetected for extended periods, allowing the group to steal sensitive information or encrypt files and demand ransom payments.

Protecting Yourself from Evil Corp

To safeguard against the sophisticated cyber threats posed by Evil Corp, it is essential to implement a comprehensive cybersecurity strategy.

Regularly updating your operating system, applications, and security software is crucial in protecting against known vulnerabilities. So is utilising strong, complex passwords and changing them regularly, and a password manager can assist in generating and securely storing these passwords.

Multi-factor authentication (MFA) is also incredibly important, adding an extra layer of security to make it significantly harder for unauthorised users to gain access. 

Advanced Security Measures

Beyond basic security practices, deploying reputable antivirus programs with anti-malware features can provide robust protection against Evil Corp's malware. Ensuring your firewall is active helps block unauthorised access to your network, enhancing overall security.

Regularly backing up your data to an external drive or cloud service is vital; ensure these backups are encrypted and stored securely to protect your information from ransomware attacks.

who is evil corp gang

Developing and implementing a disaster recovery plan can significantly improve your ability to quickly restore operations in case of a cyberattack, minimising disruption and financial losses. By adopting these advanced security measures, individuals and organisations can bolster their defences against the pervasive threats posed by Evil Corp.

Evil Corp is a cybercriminal group that poses a significant threat to individuals, businesses, and financial institutions worldwide. By understanding how this group operates and taking proactive measures, you can better protect yourself and your organization from their malicious activities.

Staying informed about the latest cybersecurity threats, practising strong security habits, and using reliable security tools are essential steps in defending against the sophisticated tactics employed by Evil Corp.