International Law Enforcement Targets LockBit Ransomware Group with Arrests and Sanctions

In a significant strike against cybercrime, a coordinated international law enforcement operation has resulted in the arrests of four individuals and the takedown of nine servers linked to the notorious LockBit (aka Bitwise Spider) ransomware operation. The move is the latest in the global crackdown on one of the most prolific financially motivated ransomware groups.

Among those arrested is a suspected LockBit developer detained in France while on vacation. Additionally, two suspects in the U.K. were apprehended for allegedly supporting a LockBit affiliate, and an administrator of a bulletproof hosting service in Spain was also arrested, according to Europol.

Operation Cronos and Aleksandr Ryzhenkov’s Exposure

As part of Operation Cronos, authorities revealed the identity of Aleksandr Ryzhenkov, a Russian national who goes by several aliases, including Beverley, Corbyn_Dallas, G, Guester, and Kotosel. Ryzhenkov is a high-ranking member of the Evil Corp cybercrime syndicate and is also linked to LockBit activities. The operation led to the imposition of sanctions on seven individuals and two entities connected to the Evil Corp e-crime group.

The U.S. Treasury's Acting Under Secretary for Terrorism and Financial Intelligence, Bradley T. Smith, emphasized that the United States and its allies will continue to target and disrupt cybercriminal organizations that exploit their victims for personal gain.

This operation comes roughly eight months after LockBit’s online infrastructure was dismantled. It follows sanctions levied earlier against Dmitry Yuryevich Khoroshev, who was unmasked as the administrator behind the "LockBitSupp" persona.

Evil Corp's Long History of Cybercrime

The U.K. National Crime Agency (NCA) has previously sanctioned 16 individuals tied to Evil Corp, also known as Gold Drake and Indrik Spider. The group has been active since 2014, primarily targeting financial institutions and banks by stealing user credentials to facilitate fraudulent fund transfers. It is responsible for creating and deploying the Dridex (aka Bugat) malware.

Evil Corp gained notoriety when it began using LockBit and other ransomware strains in 2022, circumventing sanctions imposed in December 2019 on its key members, including Maksim Yakubets and Igor Turashev.

Ryzhenkov, described as Yakubets’ right-hand man, was accused by the U.S. Department of Justice (DoJ) of using BitPaymer ransomware to target victims across the country since at least June 2017. He is said to have created more than 60 LockBit ransomware builds and sought to extort $100 million from victims.

Broader Connections to Russian State and Intelligence Services

The crackdown has shed light on deep connections between Evil Corp members and the Russian government, particularly the Federal Security Service (FSB). Viktor Yakubets, the father of Maksim, and Eduard Benderskiy, a former high-ranking FSB official and Maksim's father-in-law, have also been sanctioned.

Benderskiy played a critical role in protecting Evil Corp members by leveraging his influence with Russian intelligence services. Prior to the 2019 sanctions, the group was allegedly tasked with carrying out cyber espionage and attacks against NATO allies, further solidifying its ties with the Russian state.

This latest wave of arrests and server takedowns represents a crucial step in curbing LockBit and Evil Corp's influence on the global ransomware landscape. The collaboration among international law enforcement agencies demonstrates a unified effort to hold cybercriminals accountable, no matter their affiliations or geographic location.

 

© 2016 - 2025 Red Secure Tech Ltd. Registered in England and Wales under Company Number: 15581067