The U.S. Justice Department announced that law enforcement officials seized around $6 million in ransom payments traceable to the REvil ransomware group and the cyberattacks it carried out. Criminal charges were also filed against two foreign nationals who allegedly coordinated the ransomware attacks.
What Happened?
On November 8, U.S. Attorney General Merrick Garland announced that federal prosecutors had charged Ukrainian Yaroslav Vasinskyi and Russian Yevgeniy Polyanin with alleged cybercrimes. Court documents show a strong link to the ransomware gang that attacked several U.S. companies back in July. As part of the investigation, prosecutors also seized over $6 million traceable to the ransom payments.
The pair were the alleged masterminds of several ransomware attacks in various countries. They were accused of attacking Kaseya, a Miami-based software company, in an incident that affected more than 1,500 businesses in the United States and abroad. They reportedly demanded a payment of $70 million from each victim after deploying REvil-created ransomware, which allowed them to encrypt data on these computers and demand the ransom.
The REvil ransomware gang has orchestrated several other data breaches. For example, the FBI accused them of the ransomware attack on JBS, the largest meat processor in the world. The breach temporarily halted production at JBS facilities in three countries. JBS eventually paid $11 million before the hackers unlocked its network.
The Attorney General revealed that the group deployed its ransomware on approximately 170,000 computers worldwide. In these attacks, they received at least $200 million in ransom payments. Victims who refuse to pay may have to spend millions of dollars restoring their systems.
The move by prosecutors shows that the Biden administration is increasing its efforts to improve cyber security and pursue threat actors. The president has vowed to take any necessary action to defend the nation's people and critical infrastructure. Because law enforcement is actively tracking ransomware groups, several groups have temporarily stayed off the radar.
Who are Vasinskyi and Polyanin?
Yaroslav Vasinskyi is a 22-year-old Ukrainian hacker. He is suspected of writing the software behind the REvil cyber attack against Kaseya. The indictment also revealed that the attack limited the operations of thousands of companies for several weeks. He has reportedly deployed ransomware known as REvil that cost several companies in the U.S. millions of dollars.
Yevgeniy Polyanin is a 28-year-old Russian national who is also accused of creating the REvil ransomware. He is charged with 14 counts of conspiracy to commit fraud, money laundering, and intentional damage to a protected computer. He has allegedly carried out 3,000 cyber attacks to date.
The pair worked together to design a malicious computer program called Sodinokibi. The program is designed to hold computer systems hostage in exchange for digital currencies such as Bitcoin and Monero.
On Monday, the Treasury Department imposed sanctions on the two foreign nationals. Chatex, the cryptocurrency exchange suspected of helping to facilitate REvil's transactions, was also sanctioned. President Biden also advised companies to help disrupt the ransomware ecosystem by bolstering their cyber resilience.
How did law enforcement catch him?
The Justice Department said authorities arrested Yaroslav Vasinskyi when he traveled to Poland last month.
“There are lots of reasons why people travel, and I cannot get into the specific reason why Mr. Vasinskyi traveled, but boy, we are glad he did,” the Director of the FBI said on Monday. Vasinskyi is in custody in Poland pending the outcome of his extradition proceedings. Polyanin, on the other hand, has not been apprehended.
The Attorney General promised that the government will not stop its aggressive pursuit of all the criminal gangs within the ransomware ecosystem. Experts say apprehending suspected cybercriminals is part of the ongoing fight against hackers by the Biden administration.