“Ransomware can cripple a business in a matter of minutes,” Acting U.S. Attorney Chad E. Meacham for the Northern District of Texas said in a press release.
In 2019, REvil (also referred to as Sodinokibi) stole files from 22 Texas municipalities, hoping to get $2.5 million in ransom. Texas cities never coughed up the cash, but REvil kept pulling off attacks around the world.
But this week, the U.S. Department of Justice announced two foreign nationals have been charged for their involvement in deploying REvil ransomware attacks. The feds also seized $6.1 million allegedly traceable to ransom payments. The Dallas and Jackson FBI field offices have led the investigation.
The two face up to 115 and 145 years in prison, respectively. They're charged in separate indictments with conspiracy to commit fraud and related activity in connection with computers, counts of damage to protected computers, and conspiracy to commit money laundering.
“Cybercrime is a serious threat to our country: to our personal safety, to the health of our economy, and to our national security,” U.S. Attorney General Merrick Garland said at a press conference Monday. “Our message today is clear. The United States, together with our allies, will do everything in our power to identify the perpetrators of ransomware attacks, to bring them to justice, and to recover the funds they have stolen from their victims.”
Yaroslav Vasinskyi, a 22-year-old Ukrainian national, and Yevgeniy Polyanin, a 28-year-old Russian national, have been charged over the attacks.
“The arrest of Yaroslav Vasinskyi, the charges against Yevgeniy Polyanin and seizure of $6.1 million of his assets, and the arrests of two other Sodinokibi/REvil actors in Romania are the culmination of close collaboration with our international, U.S. government and especially our private sector partners,” said FBI director Christopher Wray.
According to CNBC, President Joe Biden said cyber threats should be a concern for the whole country. “When I met with President Putin in June, I made clear that the United States would take action to hold cybercriminals accountable,” Biden said in a statement. “That’s what we have done today.”
Vasinskyi was involved in REvil ransomware attacks this year, including one against Kaseya, a multinational information technology software company. Vasinskyi deployed malicious REvil code throughout one of Kaseya’s products. Through this, ransomware was deployed to Kaseya customer networks so data could be encrypted and locked until a payment was made.
Polyanin allegedly played a part in the 2019 attack on 22 Texas municipalities, which was pulled off in a similar fashion. Ransomware was deployed through a third-party IT company that was used by the Texas cities.
Actors with REvil, like Vasinskyi and Polyanin, allegedly left text notes that would direct victims to where they could pay and recover their files.
"If a victim paid the ransom amount, the defendants provided the decryption key, and the victims then were able to access their files," the DOJ press release said. "If a victim did not pay the ransom, the defendants typically posted the victims’ stolen data or claimed they sold the stolen data to third parties, and victims were unable to access their files."
Vasinskyi was taken into custody in Poland early last month. U.S. law enforcement agencies are still working to get Vasinskyi extradited in relation to the charges. Polyanin hasn’t been taken into custody yet and is believed to be on the loose abroad.