Treasury News Release: Treasury Sanctions Evil Corp, the Russia-Based Cybercriminal Group Behind Dridex Malware

Immediate Release

Washington – Today the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) took action against Evil Corp, the Russia-based cybercriminal organization responsible for the development and distribution of the Dridex malware.  Evil Corp has used the Dridex malware to infect computers and harvest login credentials from hundreds of banks and financial institutions in over 40 countries, causing more than $100 million in theft.  This malicious software has caused millions of dollars of damage to U.S. and international financial institutions and their customers.  Concurrent with OFAC’s action, the Department of Justice charged two of Evil Corp’s members with criminal violations, and the Department of State announced a reward for information up to $5 million leading to the capture or conviction of Evil Corp’s leader.  These U.S. actions were carried out in close coordination with the United Kingdom’s National Crime Agency (NCA).  Additionally, based on information obtained by the Treasury Department’s Financial Crimes Enforcement Network (FinCEN), the Treasury Department’s Office of Cybersecurity and Critical Infrastructure Protection (OCCIP) released previously unreported indicators of compromise associated with the Dridex malware and its use against the financial services sector. 

 

Read Treasury’s entire news release here: https://home.treasury.gov/news/press-releases/sm845

Read FinCEN’s and OCCIP’s announcement here: https://www.us-cert.gov/ncas/alerts/aa19-339a

###