Authorities arrest Evil Corp members, seize LockBit-owned servers

Law enforcement agencies from across Europe have arrested four individuals believed to be connected to the notorious LockBit ransomware group and seized servers critical to the group’s operations.

 

In a press release, Europol said that the arrests were a result of the third phase of “Operation Cronos” that was carried out by 12 countries, namely the U.S., the UK, Australia, France, Canada, Germany, Japan, Spain, Sweden, Switzerland, Netherlands, and Romania.

 

As per the press release, an individual suspected to be a developer of LockBit was arrested by the French police, two more individuals were arrested by the British authorities while Spanish authorities seized nine servers, part of the ransomware’s infrastructure, and arrested an administrator of a Bulletproof hosting service used by the ransomware group. 

 

In addition, Australia, the UK and the US implemented sanctions against an individual who the National Crime Agency had identified as an affiliate of LockBit and strongly linked to “Evil Corp”.

 

“The latter comes after LockBit’s claim that the two ransomware groups do not work together. The United Kingdom sanctioned fifteen other Russian citizens for their involvement in Evil Corp’s criminal activities, while the United States also sanctioned six citizens and Australia sanctioned two,” reads the press release.

 

“Europol facilitated the information exchange, supported the coordination of the operational activities and provided operational analytical support, as well as crypto tracing and forensic support. The analysis workflow proposed after the first operation enabled a joint work focused on the identification of the LockBit actors.

 

“Following the initiation operations against LockBit’s infrastructure in the beginning of 2024, Europol organised seven technical sprints, three of which were fully dedicated to cryptocurrency tracing. During the action days, Europol deployed an expert to provide on-the-spot support to the national authorities,” the agency added.

 

According to the National Crime Agency, Evil Corp was set up as a financial crime group by Maksim Yakubets, a Russian national based in Moscow. The family-run group quickly ventured into cyber crime and used ransomware attacks to extort at least $300 million from global victims, including governments, healthcare organisations and critical infrastructure companies.