Last week, the FBI indicted Maksim V. Yakubets, also known as “aqua,” the alleged leader of Russian-based cybercriminal organization “Evil Corp.” Dating back to 2011, the hacker group steadily evolved Bugat – dubbed one of the most widespread and destructive malware and banking trojans in the world – resulting in losses of $100 million or more across hundreds of banks. Now, the U.S. government is offering a record $5 million for information leading to Yakubets’ arrest. This is the largest reward the US government has ever offered for a cyber criminal.
Cybercriminals, like Yakubets, continue to adapt and evolve their level of sophistication, but as Assistant Attorney General Benczkowski stated, this case “demonstrate[s] our commitment to unmasking the perpetrators behind the world’s most egregious cyberattacks.” Through uncovering the identities of our cyber adversaries, we are able to disrupt and prevent future attacks.
What makes the Evil Corp campaign so impressive isn’t just the scale, but how adaptable it has proved to be. Law enforcement has pursued them for years, even successfully prosecuting Dridex sysadmin Andrey Ghinkul. US law enforcement disabled some of the conspiracy’s sub-botnets in 2016 by sinkholing them. The FBI indicted a related Belarus-based money mule network that same year. And still, Evil Corp persisted.