This article is more than 1 year old

Feds slap $5m bounty on 'Evil Corp' Russian duo accused of running ZeuS, Dridex banking trojans

Account-draining malware masterminds charged but remain in motherland

US prosecutors have slapped a $5m bounty on the heads of two Russian nationals they claim are part of the malware gang behind the banking trojans ZeuS and Dridex.

The crew, nicknamed "Evil Corp" by the Americans in a press conference today, was named and shamed with the help of Britain's National Crime Agency (NCA) and GCHQ offshoot the National Cyber Security Centre (NCSC).

"Maksim Yakubets, aged 32, from Moscow, is charged in relation to two separate international computer hacking and bank fraud schemes, spanning from May 2009 to the present," the NCA said in a press release issued this afternoon.

He is charged alongside 38-year-old Igor Turashev, allegedly Yakubets' sysadmin and controller of the Dridex malware.

Dridex was largely taken down by America's Federal Bureau of Investigation in 2015. ZeuS was its predecessor. Both strains were used by cybercriminals to harvest banking login details and empty innocent victims' bank accounts, whether those accounts belonged to individuals, businesses or even banks themselves.

"If Yakubets, who used the online moniker 'Aqua', ever leaves the safety of Russia he will be arrested and extradited to the US," thundered the NCA today, expressing the hope that other cybercrims will now find him "toxic" to deal with.

NCA chief exec Lynne Owens said in a canned statement: "It is our assessment that Maksim Yakubets and Evil Corp – the cybercrime group he controls – represent the most significant cybercrime threat to the UK."

Yakubets is said to have "employed dozens of people" to run his operations from the basements of Moscow cafés.

American prosecutor Brian Benczkowski said today: "Because many of the victims are small and medium enterprises, their accounts typically don't have the same legal protections afforded to consumer accounts. Some of the losses involved were particularly devastating. They did not discriminate in their choice of targets." He also alleged that among other individuals and corporate entities, the Russian duo had targeted a US-based order of Franciscan nuns.

Rob Jones, director of the NCA's cybercrime unit, told the US-based press conference that the operation to identify Yakubets and Turashev "goes back many years", hinting that British police agencies and the NCSC had been actively trying to "degrade the threat posed by the organisation".

"We estimate 300 organisations in 43 countries were affected in these attacks and that's an underestimate," said Jones, adding that "tens of millions of pounds" had been "stolen".

Jones said that British investigators on the trail of the Evil Corp gang had pieced together their identities bit by bit over "many years", meticulously piecing together "a trail of breadcrumbs that leads you back to real-world identities", adding: "That shows these people have made significant mistakes online."

Not wasting the opportunity of having British and American news media hanging off his every word, Jones also appeared to have a pop at apparent criticism from within the British police establishment directed at his unit.

"A fundamental point around cybercrime: many will say, as colleagues have already pointed out, you're wasting your time trying to arrest people, deliver evidence. That is plain wrong. We will extend our reach, we have a long memory, we will relentlessly pursue individuals online."

Both men live in Russia. An American confirmed in this afternoon's press conference that the Russian authorities had co-operated with a mutual legal assistance treaty request but refused to give details. ®

More about


Send us news

Other stories you might like