Banking and Finance Law Daily
Friday, December 6, 2019

OFAC slaps sanctions on Russia-based cybercriminal group that caused $100 million in theft

By John M. Pachkowski, J.D.

The Russia-based cybercriminal organization Evil Corp, which caused $100 million in theft through its Dridex malware, has been sanctioned by OFAC, and its leader has a $5 million bounty on his head.

The Office of Foreign Assets Control has imposed economic sanctions against Evil Corp, the Russia-based cybercriminal organization responsible for the development and distribution of the Dridex malware. Evil Corp has used the Dridex malware to infect computers and harvest login credentials from approximately 300 banks and financial institutions in over 40 countries, causing more than $100 million in theft and millions of dollars of damage to U.S. and international financial institutions and their customers.

OFAC issued the sanctions under its cyber-related sanctions regulations, which block all property and interests in property of 17 individuals and seven entities subject to U.S. jurisdiction, and U.S. persons are generally prohibited from engaging in transactions with them. Additionally, any entities 50 percent or more owned by one or more designated persons are also blocked. Foreign persons may be subject to secondary sanctions for knowingly facilitating a significant transaction or transactions with these designated persons.

In addition to the OFAC designations, the Justice Department announced the unsealing of criminal charges against Maksim V. Yakubets in his alleged role as Evil Corp’s leader. A second individual, Igor Turashev, was also indicted for his alleged role related to the "Bugat" malware conspiracy. The State Department also announced a reward of up to $5 million for information leading to the capture or conviction of Yakubets.

Finally, based on information obtained by the Financial Crimes Enforcement Network, the Treasury Department’s Office of Cybersecurity and Critical Infrastructure Protection released previously unreported indicators of compromise associated with the Dridex malware and its use against the financial services sector.

Commenting on the OFAC designation, Treasury Secretary Steven T. Mnuchin said, "Treasury is sanctioning Evil Corp as part of a sweeping action against one of the world’s most prolific cybercriminal organizations. This coordinated action is intended to disrupt the massive phishing campaigns orchestrated by this Russian-based hacker group." He added, "OFAC’s action is part of a multiyear effort with key NATO allies, including the United Kingdom. Our goal is to shut down Evil Corp, deter the distribution of Dridex, target the ‘money mule’ network used to transfer stolen funds, and ultimately to protect our citizens from the group’s criminal activities."

Following the unsealing of the Yakubets charges, Assistant Attorney General Brian A. Benczkowski noted, "Maksim Yakubets allegedly has engaged in a decade-long cybercrime spree that deployed two of the most damaging pieces of financial malware ever used and resulted in tens of millions of dollars of losses to victims worldwide." He added, "These two cases demonstrate our commitment to unmasking the perpetrators behind the world’s most egregious cyberattacks. The assistance of our international partners, in particular the National Crime Agency of the United Kingdom, was crucial to our efforts to identify Yakubets and his co-conspirators."
