LockBit Ransomware and Evil Corp Members Arrested and Sanctioned in Joint Global Effort

Oct 03, 2024 | Ravie Lakshmanan | Electrocrime / Extortion

A new wave of international law enforcement actions has led to four arrests and the takedown of nine servers linked to the LockBit (aka Bitwise Spider) ransomware operation, marking the latest blow against what was once a prolific financially motivated group.

This includes the arrest of a suspected LockBit developer in France while on vacation outside Russia, two individuals in the U.K. who allegedly supported an affiliate, and an administrator of a secure hosting service in Spain used by the ransomware gang, Europol said in a statement.

In parallel, authorities identified a Russian citizen named Aleksandr Ryzhenkov (aka Beverley, Corbyn_Dallas, G, Guester, and Kotosel) as one of the high-ranking members of the Evil Corp cybercrime organization, while also identifying him as a LockBit affiliate. Sanctions have also been announced against seven individuals and two entities linked to the e-crime group.

“The United States, in close collaboration with our companions, including through the Counter Ransomware Initiative, will persistently uncover and thwart the illegal networks that seek personal gain from the agony and suffering of their victims,” said Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence, Bradley T. Smith.

The development, part of a collaborative exercise dubbed Operation Cronos, comes nearly eight months after LockBit’s online infrastructure was seized. It also follows sanctions imposed on Dmitry Yuryevich Khoroshev, who was unmasked as the administrator and individual behind the “LockBitSupp” persona.

A total of 16 individuals linked to Evil Corp have been sanctioned by the U.K. Also tracked as Gold Drake and Indrik Spider, the notorious hacking crew has been active since 2014, targeting banks and financial institutions with the primary goal of stealing users’ login credentials and financial information to carry out unauthorized fund transfers.

The group, responsible for the development and distribution of the Dridex (aka Bugat) malware, was previously observed deploying LockBit and other ransomware strains in 2022 to get around the sanctions imposed on the group in December 2019, including on prominent members Maksim Yakubets and Igor Turashev.

Ryzhenkov has been described by the U.K. National Crime Agency (NCA) as Yakubets’ trusted aide, with the U.S. Department of Justice (DoJ) charging him with deploying BitPaymer ransomware against victims across the country since at least June 2017.

“Ryzhenkov used the affiliate alias Beverley, compiled over 60 LockBit ransomware versions, and aimed to demand no less than $100 million from victims as ransom payments,” authorities stated. “Ryzhenkov is further associated with the pseudonym mx1r and tied to UNC2165 (a successor of Evil Corp affiliate actors).”

In addition, Ryzhenkov’s sibling Sergey Ryzhenkov, identified as using the online pseudonym Epoch, has been linked to BitPaymer, according to cybersecurity firm CrowdStrike, which worked with the NCA on the operation.

“Throughout 2024, Indrik Spider gained initial access to multiple entities through the Fake Browser Update (FBU) malware-distribution service,” it observed. “The adversary was last seen deploying LockBit during an incident that occurred during Q2 2024.”

Prominent among the individuals sanctioned are Yakubets’ father, Viktor Yakubets, and his father-in-law, Eduard Benderskiy, a former senior-level FSB official, underscoring the deep ties between Russian cybercrime groups and the Kremlin.

“The group were in a privileged position, with some members having close links to the Russian state,” the NCA commented. “Benderskiy was a key enabler of their relationship with the Russian Intelligence Services who, prior to 2019, tasked Evil Corp to carry out cyber attacks and espionage activities against NATO allies.”

“After the U.S. restrictions and indictments in December 2019, Benderskiy utilized his considerable influence with the Russian state to safeguard the group, both by providing senior members with protection and by ensuring they were not pursued by Russian internal authorities.”
