Organizer of hitmen from FSB's Vympel unit, along with six other Russians, accused of collaborating with hacker group Evil Corp
Benderskiy is also known as an avid hunter. In 2016, he wrote a letter to Russian Deputy Prime Minister Alexander Khloponin requesting “five permits for the hunting of the Putorana snow sheep,” as reported by Meduza, which obtained the letter. In exchange, Benderskiy offered that his club would “assist in funding conservation programs for this subspecies in the amount of 15 million rubles” — close to $225,000 at that time. The Putorana snow sheep (Ovis nivicola borealis), listed in the Red Data Book of Russia, had an estimated population of around 800 at the time of his request; it later declined to 500.
Who is Aleksandr Ryzhenkov?
Aleksandr Ryzhenkov’s name surfaced in connection with Evil Corp for the first time on Oct. 1, 2024. The Insider obtained court documents filed in the U.S. that accused him of fraud, conspiracy, hacking into U.S. computer systems, and conspiracy to launder money. An arrest warrant for Ryzhenkov was issued in Mar. 2023, but this fact only became known recently.
Ryzhenkov, 31, was born in Uzbekistan, lived in Moscow and the Moscow suburb of Khimki, and is known by aliases including Sanya Maloy, Mrakobek, J.d.m0rr1s0n, Jim Morrison, Lizardking, and CHERDAKMUDAK.
According to the investigation, Ryzhenkov began committing cybercrimes against U.S. companies in the summer of 2017. He used the BitPaymer ransomware program, which experts believe shares similarities with Dridex, originally used by Evil Corp hackers.
According to FBI data, in the summer of 2017 Ryzhenkov searched online for information on Bitcoin extortion, ransomware hacker activities, and methods for deleting computer backups — a tactic often employed by ransomware hackers to pressure victims into paying a ransom. At the time, leaked bailiff service data revealed that he had accumulated numerous debts from multiple small loans.
Ryzhenkov remained with Yakubets' team even after a split in the group in 2019, as indicated by British investigators, and together they continued working on a new ransomware virus, later named WastedLocker.
After 2022, many Evil Corp members left the group, but Yakubets and Ryzhenkov continued to commit attacks using ransomware. The UK’s National Crime Agency established that Ryzhenkov, in particular, became a “partner” of LockBit — a ransomware ecosystem sold on underground forums. In 2022, LockBit became the most widespread ransomware in the world. The Canadian Communications Security Establishment noted that LockBit might be responsible for 44% of all such malware attacks globally. In Feb. 2024, the U.S. Department of Justice announced that a joint operation with the FBI and the UK’s NCA dismantled LockBit’s infrastructure. The NCA also stated that Ryzhenkov was heavily involved in LockBit attacks.
“Today’s charges against Ryzhenkov detail how he and his conspirators stole the sensitive data of innocent Americans and then demanded ransom,” commented Deputy Attorney General Lisa Monaco. The investigation into Ryzhenkov and other members of Evil Corp continues.