The Department of Justice announced on Monday, Nov. 8, that it successfully seized $6.1 million collected in ransom. Along with that came the filing of criminal charges against two notorious Eastern Europeans, alleged to be associated with the REvil ransomware that wreaked havoc across the world this year.
Yaroslav Vasinskyi, a 22-year-old Ukrainian national, was arrested last month in Poland and is waiting to be extradited to the United States. He has been accused of deploying REvil, which was weaponized against American companies, costing them millions in ransom payments.
He was specifically charged in connection to a cyberattack against Kaseya, a software firm, on July 4 that affected hundreds of its client companies across the country. More than 1,500 entities, including schools, railroads, and stores, were impacted. Documents unsealed on Monday accused Vasinskyi of conducting about 2,500 ransomware attacks in total, demanding $767 million and receiving $2.3 million.
A 28-year-old Russian national, Yevgeniy Polyanin, who remains at large, faces charges of conspiracy to commit money laundering, damaging protected computers, and conspiracy to commit fraud. He has been accused of launching 3,000 cyber-attacks using REvil and attempting to extort $13 million from a range of victims, including U.S. law enforcement agencies.
The $6 million seized by the United States is allegedly linked to payments received by Polyanin. The Treasury Department imposed sanctions on both Vasinskyi and Polyanin, as well as on cryptocurrency exchanges suspected of having moved money for ransomware criminals.
Sending a Message to Hackers
Attorney General Merrick Garland said, “Our message today is clear: the United States, together with our allies, will do everything in our power to identify the perpetrators of ransomware attacks, to bring them to justice, and to recover the funds they have stolen from their victims.” His department is committed to securing Polyanin and Vasinskyi’s “illicit profits and returning them whenever we can to the victims who were extorted.” Garland reiterated that he is dedicated to taking down cybercriminals who have conducted attacks or pose a threat to national security or Americans’ well-being.
The State Department is offering up to $10 million in rewards for information leading to the location or identification of anyone who is part of the REvil crime group. It also promises up to $5 million for information leading to the conviction or arrest of an individual conspiring to participate in REvil ransomware attacks. No charges involved the Russian government as a player, but at a press conference on Monday, President Joe Biden referenced his meeting over the summer with President Vladimir Putin to “hold cybercriminals accountable.”
The president shared that his administration is “bringing the full strength of the federal government to disrupt malicious cyber activity and actors, bolster resilience at home, address the abuse of virtual currency to launder ransom payments, and leverage international cooperation to disrupt the ransomware ecosystem and address safe harbors for ransomware criminals.”
International Effort Against Cybercriminals
According to Europol, the two suspects accused of using REvil ransomware to commit cybercrimes were arrested in Romania on Nov. 4. They are allegedly responsible for 5,000 infections that yielded $579 million in ransom payments. The arrests are in addition to three other affiliates of the notorious Russian-led criminal gang and two other alleged cybercriminals connected to GandCrab, another group detained earlier this year. Operation GoldDust, involving 17 countries and multiple international law enforcement organizations, is responsible for these apprehensions.
The United States has struggled in the past to pursue international hackers because a majority operate out of countries that do not extradite their citizens to the United States.
~ Read more from Keelin Ferris.