In a significant development, the UK’s National Crime Agency (NCA) has named Aleksandr Ryzhenkov as a key figure in the notorious Russian cybercrime group Evil Corp, while also identifying him as an affiliate of the LockBit ransomware operation. This revelation marks the first official linkage between the two criminal enterprises.
Ryzhenkov, known by his alias “Beverley,” is believed to have been active in LockBit ransomware attacks since 2022, orchestrating over 60 incidents that resulted in approximately $100 million in extortion attempts. These attacks leveraged LockBit’s tools, underlining the growing overlap between major ransomware groups and the use of Ransomware-as-a-Service (RaaS) models.
Evil Corp, known for its leadership under Maksim Yakubets, has been a dominant force in the cybercriminal world since at least 2009. The group initially gained notoriety for distributing the Dridex banking malware, a campaign that targeted financial institutions globally. Over the years, Evil Corp shifted tactics, venturing into ransomware with the BitPaymer variant and other strains. The NCA claims that Ryzhenkov and Yakubets maintain a close personal and professional relationship, which has fueled the success of their criminal ventures.
The relationship between Evil Corp and Russian security services is also highlighted in the NCA’s findings, with suggestions that the group’s activities have often aligned with broader state interests, affording the group a degree of impunity. This protection has allowed it to continue its operations despite international sanctions and law enforcement actions.
The unmasking of Ryzhenkov follows a broader operation dubbed “LockBit Leak Week,” where authorities revealed the identities of nearly 200 affiliates tied to LockBit. The continued cooperation between international law enforcement agencies such as the NCA, FBI, and European authorities signals an ongoing effort to dismantle these cybercrime syndicates, but challenges remain, given their ties to state actors and sophisticated operational structures.
Further Reading:
- National Crime Agency official announcement
- Bitwise Spider (CrowdStrike)
- Indrik Spider (CrowdStrike)