Aleksandr Ryzhenkov, a Russian national, has been named as a major figure in the notorious cybercrime group Evil Corp and as an affiliate of the LockBit ransomware gang. The U.S. Department of Justice (DOJ) also charged Ryzhenkov with using BitPaymer ransomware to extort businesses in the United States. The announcement comes amid a series of coordinated arrests in Europe, including two suspected money launderers in the U.K. and a LockBit developer in France, along with a suspected owner of a “bulletproof hosting” company arrested in Spain.
Nicole Argentieri, head of the DOJ’s Criminal Division, stated, “Aleksandr Ryzhenkov extorted victim businesses throughout the United States by encrypting their confidential information and holding it for ransom.” The U.S. Treasury, the U.K., and Australian authorities have also imposed new financial sanctions on several individuals linked to Ryzhenkov’s activities and the broader Evil Corp network.
Ryzhenkov’s role in both Evil Corp and LockBit was detailed in a joint report from the U.S., U.K., and Australia, identifying him alongside Eduard Benderskiy, a former Russian intelligence official believed to have protected the group from Russian authorities. The three nations also announced that 16 individuals would be added to their financial sanctions lists, including 15 associated with Evil Corp.
Bradley Smith of the U.S. Treasury commented, “Today’s trilateral action underscores our collective commitment to safeguard against cybercriminals like ransomware actors, who seek to undermine our critical infrastructure and threaten our citizens.”
Earlier this year, law enforcement officials managed to seize much of LockBit’s infrastructure, significantly reducing its operational capacity. Despite this, the group continues to operate, though now using alternative methods.
Authorities have noted that much of the data allegedly compromised by LockBit’s affiliates was either fake or misattributed, with several so-called “victims” being companies that were either not targeted or only minimally affected. The National Crime Agency (NCA) also confirmed that LockBit’s victim data from 2023 was never deleted, despite assurances from the group.
This move marks a continuation of global efforts to disrupt and dismantle ransomware organizations that pose severe threats to businesses and national security.
