A new setback for LockBit’s ransomware hackers. As part of the ongoing Operation Cronos, Europol and Eurojust recently arrested members of the group and seized equipment. In addition, Evil Corp’s second-in-command, Russian Aleksandr Ryzhenkov, was sanctioned and earmarked as an accomplice of LockBit.
In the ongoing battle against ransomware gangs and parties like LockBit and Evil Corp, Europol and Eurojust have struck another blow. Authorities in France detained a suspected developer for LockBit, and in the United Kingdom, police arrested two LockBit affiliates. In Spain, a bulletproof hosting administrator disappeared behind bars. Spanish police also seized nine servers in this latest action.
Sanctions for Evil Corp deputy
At the same time, the United States, UK and Australia imposed sanctions on Russian Aleksandr Ryzhenkov (aka Beverley). He is considered the second-in-command of the Russian ransomware gang Evil Corp, which has close ties to the Russian security service FSB.
Interestingly, the Russian was also disclosed as a LockBit affiliate, meaning he is a link in the close collaboration between the two gangs. Affiliates may distribute another party’s ransomware in exchange for a share of criminal profits. A group may have multiple affiliates, promising the most money to the most successful affiliate. LockBit, by the way, denies this connection. In addition to Ryzhenkov, 16 individuals with relationships with Evil Corp also got their mugs on the U.S. sanctions list.
Ransomware affiliates targeted
According to security experts, police actions have damaged the ransomware affiliate market significantly. Back in February this year, Operation Cronos succeeded in dismantling the LockBit infrastructure. The ransomware gang now only manages to establish its presence through blogs on the Dark Web but is seeing that its more above-ground affiliate network is also being targeted.
Also read: Ransomware payments reach record high: more than 1 billion euros