The National Crime Agency (NCA) in the UK has identified a prominent LockBit affiliate as part of its ongoing Operation Cronos against the notorious gang. This affiliate, known as Beverley, has been revealed to have strong ties to the Evil Corp cyber crime organization, confirming suspicions that had been circulating for some time.
Known in real life as Aleksandr Ryzhenkov, Beverley has been a close associate of Evil Corp’s leader, Maksim Yakubets, for over a decade. He played a key role in developing the WastedLocker ransomware for Evil Corp around 2020 before becoming a LockBit affiliate in 2022.
Gavin Webb, senior investigating officer on Operation Cronos, highlighted that Beverley was involved in extortion attempts and targeting numerous victims. The NCA is working with other agencies to uncover more details about LockBit affiliates and their activities.
In addition to Beverley, 16 individuals associated with Evil Corp have been sanctioned in the UK, with a new indictment unsealed against Beverley in the US. Evil Corp is believed to have generated $300 million from victims worldwide, including critical infrastructure operators, health organizations, and government bodies.
The NCA has also exposed links between Evil Corp and the Kremlin, revealing that Yakubets had connections to the Russian government through his father-in-law, Eduard Benderskiy. Benderskiy, a former FSB official, used his contacts to strengthen Yakubets’ ties to the Russian state.
UK Foreign Secretary David Lammy emphasized the need to combat the Kremlin’s corrupt activities, with today’s actions marking just the beginning of efforts to target the Russian government.
Impact of LockBit Takedown
Following the takedown of the LockBit gang in Operation Cronos, the group’s operations were severely compromised. The NCA not only dismantled their server infrastructure but also publicly exposed key members, including their leader Khoroshev.
The humiliation of Khoroshev, who was revealed to drive an old Mercedes instead of a Lamborghini as he claimed, dealt a blow to the gang’s reputation. Despite attempts by LockBit affiliates to fight back, the group’s credibility was damaged, leading to a decline in operations.
While LockBit ransomware remains a threat, its use has decreased, with leaked builds being deployed by less successful affiliates. The NCA’s disruption efforts aimed to prevent the gang from regaining strength and growing further.
Recent Arrests
In the past few weeks, the NCA has made additional arrests in the UK and Europe related to money laundering for LockBit. French and Spanish authorities have apprehended individuals linked to the gang, with servers seized as part of the operation.
The NCA has also taken control of LockBit’s dark web portal, using it to expose more details about recent arrests and taunt cyber criminals involved in the operation.
