Global Police Effort Leads to Arrests Of LockBit, EvilCorp Affiliates
Read also: the US charges money launderers linked to Rescator and Joker’s Stash, a police op dismantles a cybercrime ring in West Africa, and more.
Thursday, October 3, 2024
New arrests and sanctions announced linked to EvilCorp, LockBit cybercrime groups
In a recent coordinated effort targeting the LockBit ransomware group, law enforcement arrested four individuals and seized critical infrastructure linked to the gang. Europol confirmed the arrest of a suspected LockBit developer, while two others were apprehended in the UK for aiding a LockBit affiliate. Additionally, Spanish authorities took down nine servers and arrested an administrator of a hosting service used by the group.
Australia, the UK, and the US imposed sanctions on a LockBit affiliate linked to the notorious Russian cybercrime syndicate known as ‘Evil Corp.’ The UK authorities sanctioned 15 Russian citizens involved with Evil Corp, and the US and Australia sanctioned additional members.
Evil Corp, initially a Moscow-based financial crime group, evolved into a major cybercrime entity, extorting over $300 million globally. Key figures such as Maksim Yakubets and Igor Turashev were indicted in the US in 2019 for using malware like BitPaymer and Dridex, targeting over 40 countries. The most recent UK sanctions also target Eduard Benderskiy, Yakubets’ father-in-law and a former FSB official, who helped Evil Corp build relationships with Russian intelligence.
Additionally, Yakubets' close associate, Aleksandr Ryzhenkov, was identified as a LockBit affiliate and charged by the US authorities with ransomware attacks.
The US charges money launderers linked to Rescator and Joker’s Stash carding websites
US authorities have charged multiple individuals involved in Russian money laundering operations tied to notorious carding websites like Rescator and Joker’s Stash, facilitating the sale of stolen financial data and personally identifiable information (PII) from millions of victims.
Key individuals charged include Sergey Sergeevich Ivanov and Timur Shakhmametov, both of whom are accused of running illicit cryptocurrency exchanges used to launder hundreds of millions of dollars. The operations, including services such as PM2BTC and Cryptex, allegedly processed more than $1.15 billion in illegal transactions. A substantial portion of these funds came from criminal activities such as ransomware payments, fraud, and Dark Web market transactions.
Ivanov is alleged to have operated multiple Russian-based payment services, including UAPS, PinPays, and PM2BTC used by cybercriminals. The US authorities seized multiple domains linked to Ivanov’s money laundering services, including UAPS and PM2BTC. Ivanov was also involved in the operations of Rescator, one of the most infamous carding websites, providing payment processing infrastructure.
Timur Shakhmametov, aka ‘JokerStash’ and ‘Vega,’ allegedly operated Joker’s Stash, a notorious carding site that sold data from millions of payment cards annually. He is now facing charges related to conspiracy to commit bank fraud, access device fraud, and money laundering. In addition, the US Secret Service has seized the domains Cryptex[.]net and Cryptex[.]one, which were tied to the administration of the cryptocurrency exchange Cryptex, a platform that marketed itself directly to cybercriminals. Furthermore, Russian authorities have detained 96 people associated with a cybercrime services ring, including UAPS, Cryptex, and 33 other services.
Cybersecurity Compliance
Prevent data breaches and meet regulatory requirements
A Briton charged in a multimillion-dollar hack-to-trade scheme targeting US firms
British national Robert B. Westbrook has been charged in the US with orchestrating a hacking operation targeting American companies, allowing him to illegally trade on the stock market using insider information. The scheme allegedly netted Westbrook more than $3.75 million in illicit profits.
According to officials, Westbrook hacked into Microsoft Office365 email accounts belonging to corporate executives at US-based companies to access confidential earnings reports. Using this information, Westbrook purchased securities that he quickly sold for substantial gains once the companies publicly released the earnings data.
Westbrook set up auto-forwarding rules in the email accounts he hacked, which allowed sensitive documents to be automatically forwarded to email accounts under his control without detection.
Westbrook was arrested last week in the UK, and US authorities are currently seeking his extradition. He faces multiple charges, including wire fraud, securities fraud, and computer hacking. If convicted, he could face decades of imprisonment and millions in fines.
Two men sentenced for selling the data of millions of Americans to scammers
A US court sentenced two men to federal prison for their involvement in a decade-long fraud operation that defrauded hundreds of thousands of Americans out of tens of millions of dollars.
Robert Reger received a 120-month sentence, while David Lytle was sentenced to 48 months in prison.
The men, who worked at Epsilon Data Management LLC, sold targeted lists of US consumers (mostly elderly and vulnerable people) to cybercriminals running fraudulent mass-mailing schemes. Using Epsilon’s database of 100 million US households, they identified those most likely to fall for fraudulent mailings.
In one case, a scammer defrauded 218,000 victims out of $23.7 million using data supplied by the defendants, and in some instances, victims were defrauded over 20 times, the authorities said.
A phishing ring targeting Swiss citizens dismantled in West Africa
Eight suspected cybercriminals were arrested in Côte d'Ivoire as part of Interpol’s ongoing Operation Contender 2.0, an international initiative aimed at combating cybercrime in West Africa.
The arrests came after Ivorian authorities dismantled a large-scale phishing scam that caused over $1.4 million in financial losses. Posing as buyers on small advertising websites, the scammers tricked victims into visiting fake websites mimicking legitimate payment platforms, where users were asked to provide login details and credit card numbers.
The criminals further manipulated their targets by impersonating customer service agents from the payment platform, using phone calls to deceive victims. Swiss authorities, who received over 260 reports of the fraudulent scheme between August 2023 and April 2024, initiated an investigation that ultimately led to the arrest of the suspects in Côte d'Ivoire, including an alleged ringleader.
In other news, Indian authorities have dismantled a major cybercrime network, arresting 26 individuals across the country. The cybercriminals, operating from 32 locations, were involved in defrauding victims by impersonating tech support.
What’s next:
- Join our upcoming webinars
- Follow ImmuniWeb on Twitter, LinkedIn and Telegram
- Explore 20 use cases how ImmuniWeb can help
- Browse open positions to join our great Team
- See the benefits of our partner program
- Request a demo, quote or special price
- Subscribe to our newsletter
Key Dutch has been working in information technology and cybersecurity for over 20 years, starting his first job with Windows 95 and dial-up modems. As the Editor-in-Chief of our Cybercrime Prosecution Weekly blog series, he compiles the most interesting news about police operations against cybercrime, as well as about regulatory actions enforcing data protection and privacy law. 
