US authorities have promised a reward of $5,000,000 for information about the Russian hacker from Evil Corp.

The US Department of Justice has brought charges against two Russians, who, according to law enforcement authorities, are behind the development of Dridex malware and many other programs.

The indictment states that 32-year-old Maxim Yakubets and 38-year-old Igor Turashev were the developers of the famous banking Trojan Dridex, and Yakubets was the leader of the group.
In addition, Yakubets is also accused of developing and distributing another well-known banker, ZeuS, the predecessor of Dridex, which operated between 2007 and 2010. Recall that researchers first noticed Dridex in 2011, a year after the ZeuS source code was published online.
“Yakubets used ZeuS to steal over $70,000,000 from his victims. However, at the same time Yakubets was supposed to be the main developer of Dridex, as well as the ecosystem built around malware, which brought the hacker about 100 million US dollars”, law enforcement authorities report.
Initially, the name Dridex was assigned to the classic banking trojan, which appeared in 2011 and stole banking credentials from infected hosts by inserting fake login pages into the victims' browsers. Later, other malicious activity of its operators, including the Necurs botnet and the BitPaymer ransomware, began to be associated with the name Dridex. In fact, information security researchers began to refer to the criminal group itself by the name Dridex, although the hackers often called themselves Evil Corp.
Back in 2014, the National Crime Agency of Great Britain called this group “the most dangerous hacker group in the world.” According to information now published by the agency, Yakubets hired dozens of people to manage various Evil Corp operations and did not hesitate to brag about his illegally acquired wealth on social networks. He often published photos of expensive cars (for example, a custom-made Audi R8 or Lamborghini Huracan), bundles of money and so on.
“Yakubets and his accomplices not only used Dridex themselves, but also allowed other criminals to distribute the malware on their own behalf, subject to an initial payment of $100,000, as well as 50% of all income (at least $50,000 per week)”, US authorities report.
It is known that the second suspect, Igor Turashev, was a developer of Dridex. The US Department of Justice claims that he performed various duties, including system administration, managing internal control panels, and monitoring botnet operations. In addition, it is believed that he organized spam campaigns and later used Dridex to install ransomware on victims’ computers.
Currently, Yakubets and Turashev are still free and, according to the FBI, live in Moscow. The US authorities are now offering a reward of $5 million for any information that could lead to the arrest of Maxim Yakubets.
In addition to the charges in absentia and the reward, the U.S. Treasury Department also imposed sanctions on 24 organizations and individuals affiliated with Evil Corp and Yakubets. They now have limited access to assets and international financial systems.

The announcements of the authorities were accompanied by a video conference at which it was announced that, in the opinion of American law enforcement officers, Yakubets has been cooperating with the Russian government since 2017. Allegedly, he is helping Russian intelligence agencies collect sensitive information from Dridex victims’ computers.