The United States Department of Justice has offered a $5-Million reward for information leading to the arrest of Maksim Yakubets and Igor Turashev, two Russians believed to have run a malware operation that netted over $100 Million in illegal gains. The $5 Million figure is, by far, the largest reward ever offered for the capture of a cybercriminal.
According to an indictment unsealed today, Yakubets (known in some hacker communities as “AQUA”) and Turashev used malware to steal millions of dollars in more than 40 countries from business and nonprofits alike; the pair are believed to be living as free men in Russia, whose intelligence arm and other government “cyber-enabled operations” Yakubets is also believed to have aided in various capacities. Yakubets stands accused of leading the Moscow-based hacker group, Evil Corp, while Turashev is alleged to have worked as a system administrator for the group.
Evil’s malware, known as Dridex, was spread through “phishing” campaigns that transformed targets into victims by tricking them into clicking on malicious links contained within email messages impersonating communications from legitimate, trusted entities such as banks. Once a target’s computer was successfully infected with malware, Dridex would steal banking information, which Evil Corp exploited to steal money and subsequently transfer the funds through various money launderers, some of whom have already been arrested, charged, and convicted. The pair of criminals stands accused of stealing about $70 million by using Dridex; Yakubets has also accused by US law enforcement of having used malware known as Zeus to steal approximately another $100 million.
Today’s indictments were the result of a multi-year investigation by the US’s FBI, and by Britain’s National Crime Agency (NCA) and Cyber Security Centre.
Cybercriminals take note – the US government will spend good money to take you down.