Kingpin of Evil Corp lived large. Now there’s a $5 million bounty on his head

Hammer falls on the cybercrime group behind Dridex, the most widespread malware ever.

Federal prosecutors have indicted the kingpin of Evil Corp, the name used by a cybercrime gang that used the notorious Dridex malware to drain more than $70 million from bank accounts in the US, UK, and other countries. Maksim V. Yakubets, a 32-year-old Russian national who used the handle "Aqua," led one of the world's most advanced transnational cybercrime syndicates, prosecutors said on Thursday. The crime group's alleged deployment of Dridex was one of the most widespread malware campaigns ever. The UK's National Crime Agency said the syndicate used the name Evil Corp.

Dridex was configured to target the customers of almost 300 different organizations in more than 40 countries by automating the theft of online banking credentials and other confidential information from infected computers. Over time, Dridex's creators updated the malware to install ransomware. Previously known as Bugat and Cridex, Dridex used zero-day exploits and malicious attachments in emails to infect targets. The malware was designed to bypass antivirus and other security defenses.

Yakubets and another alleged Dridex operator, 38-year-old Igor Turashev, also from Russia, allegedly used the captured banking credentials to order electronic money transfers from compromised accounts. Prosecutors said the men funneled the stolen funds into the accounts of money mules who would move the funds into other accounts or convert them to cash and smuggle it overseas. Yakubets was the leader of the crime group, prosecutors said. Turashev allegedly handled a host of roles, including system administration, management of an internal control panel, and oversight of a botnet that controlled infected computers.

Confiscated images and videos released by UK authorities show alleged members of Evil Corp living large. One photo shows Yakubets and his bride celebrating their 2017 wedding with a lavish chandelier above them. Other images and videos show off expensive sports cars.

Yakubets also stands accused of providing "direct assistance" to the Federal Security Service of the Russian Federation, the KGB successor that's better known as the FSB. "In addition to his leadership role within Evil Corp, Yakubets has also provided direct assistance to the Russian government," officials with the US Treasury Department said. "As of 2017, Yakubets was working for the Russian FSB, one of Russia's leading intelligence organizations that was previously sanctioned pursuant to E.O. 13694, as amended, on December 28, 2016."

Before Dridex, there was Zeus

Before Dridex came into being, Yakubets and co-conspirators allegedly used a different banking trojan known as Zeus to infect thousands of computers and capture passwords, account numbers, and other information needed to gain unauthorized access to bank accounts. Prosecutors said Yakubets and the co-conspirators attempted the theft of about $220 million, with actual losses of $70 million from victims' bank accounts. Yakubets' alleged role was to provide money mules and the banking credentials needed to move the money withdrawn from victim accounts.

A 10-count indictment unsealed in Pittsburgh, Pennsylvania, on Thursday charges Yakubets and Turashev with conspiracy, computer hacking, wire fraud, and bank fraud in connection with the distribution of Dridex. Businesses targeted by Dridex, the indictment said, included First National Bank, headquartered in Pittsburgh; the First Commonwealth Bank in the city of Indiana, Pennsylvania; the Sharon City School District in Pennsylvania; Penneco Oil Company in Delmont, Pennsylvania; Remington Outdoor Company in Madison, North Carolina; 84 Lumber in Eighty Four, Pennsylvania; Kurt J. Lesker Company in Jefferson Hills, Pennsylvania; and JWF Industries in Johnstown, Pennsylvania. A separate criminal complaint was unsealed in Lincoln, Nebraska. It charged Yakubets with conspiracy to commit bank fraud in connection with Zeus.

The US State Department's Transnational Organized Crime Rewards Program is offering a reward of up to $5 million for information that leads to the arrest or conviction of the defendant. While the defendant is currently at large, authorities expect the charges will hamper the operation he's alleged to lead. "If Yakubets, who used the online moniker 'Aqua,' ever leaves the safety of Russia, he will be arrested and extradited to the US," said officials with the UK's National Crime Agency, which worked with the US FBI in investigating the case. "It also restricts his ability to operate with other criminals who will find him toxic to deal with."