DOJ seizes $6MILLION in ransom payments and charges Ukrainian and Russian nationals for REvil attack
Biden’s DOJ has seized $6MILLION in ransom payments and charged Ukrainian and Russian nationals for REvil ransomware attacks, including one that hit more than 1,000 businesses over the July 4 weekend
U.S. officials said on Monday they had seized $6 million and charged two people in connection with a wave of REvil ransomware attacks.
They are seeking the extradition of Ukrainian Yaroslav Vasinskyi, 22.
He is accused of attacking Kaseya, snarling computers around the world in July.
They also say they had charged Russian Yevgeniy Polyanin, 28.
‘The Justice Department is sparing no resource,’ said AG Merrick Garland.
Law enforcement officers have seized $6 million and charged two suspected hackers in connection with a wave of ransomware attacks, including one that brought down businesses on the Fourth of July weekend, U.S. officials revealed on Monday.
Attorney General Merrick Garland announced charges against Ukrainian Yaroslav Vasinskyi, 22, and Russian Yevgeniy Polyanin, 28.
They are accused of being part of the REvil ransomware gang.
President Joe Biden welcomed the moves and said work continued to hold accountable anyone who threatened U.S. security.
‘When I met with President Putin in June, I made clear that the United States would take action to hold cybercriminals accountable,’ he said.
‘That’s what we have done today.
‘We are bringing the full strength of the federal government to disrupt malicious cyber activity and actors, bolster resilience at home, address the abuse of virtual currency to launder ransom payments, and leverage international cooperation to disrupt the ransomware ecosystem and address safe harbors for ransomware criminals.’
AG Merrick Garland said: ‘The Justice Department is sparing no resource to identify and bring to justice anyone, anywhere who targets the United States with a ransomware attack’
On Monday Attorney General Merrick Garland announced charges against Ukrainian Yaroslav Vasinskyi, 22, and Russian Yevgeniy Polyanin, 28
President Biden welcomed the moves and said work would continue to hold accountable anyone who threatened the security of the U.S.
At a press conference earlier, Garland said: ‘The Justice Department is sparing no resource to identify and bring to justice anyone, anywhere who targets the United States with a ransomware attack.’
The Treasury Department also announced sanctions against the pair and a virtual currency exchange, Chatex, which it said was used by criminal gangs.
REvil – also known as Sodinokibi – has been linked in recent months to ransomware targeting the world’s largest meat processor, JBS SA, as well as a Fourth of July weekend attack that snarled businesses around the world through a breach of a Florida-based software company called Kaseya.
According to court documents, Vasinskyi was allegedly responsible for the attack on Kaseya, encrypting data on computers of organizations around the world.
The defendants left notes on the computers in the form of text files, which included web addresses. Victims were given a ransom demand and a virtual currency address.
If a victim paid the ransom amount, the defendants provided the decryption key, and the victims then were able to access their files.
If a victim did not, the defendants typically posted the victims’ stolen data or claimed they sold the stolen data to third parties, and victims were unable to access their files.
‘Ransomware can cripple a business in a matter of minutes,’ said Acting U.S. Attorney Chad E. Meacham for the Northern District of Texas.
‘These two defendants deployed some of the internet’s most virulent code, authored by REvil, to hijack victim computers.’
Officials also announced they seized $6.1 million in funds traceable to alleged ransom payments received by Polyanin, who is charged with launching attacks in Texas on or about Aug. 16, 2019.
Meanwhile, European law enforcement authorities announced Monday that they had arrested two other suspected ransomware operators with links to REvil in Romania.
The Justice Department has tried multiple ways to address a ransomware wave that it regards as a national security and economic threat.
Arrests of foreign hackers are significant for the Justice Department since many of them operate in the refuge of countries that do not extradite their own citizens to the U.S. for prosecution.
The scale of the scourge became apparent over the Fourth of July holiday weekend when hackers hit the IT systems of up to a million companies on virtually every continent and demanded $70million in cryptocurrency to fix it.
Swedish grocery stores, schools in New Zealand, and two major Dutch IT firms were among the victims of hacking group REvil which launched its attack on Friday after breaching the systems of US-based software firm Kaseya.
At the time Kaseya said just a few dozen of its customers were directly affected, but knock-on effects brought down firms in at least 17 countries including the US and the UK – with one expert saying the attack is ‘unprecedented’ in its scale and sophistication.
A month earlier, the same group attacked the world’s largest meatpacking company JBS, disrupting production in North America and Australia.
On Monday, FBI Director Christopher Wray said: ‘The FBI has worked creatively and relentlessly to counter the criminal hackers behind Sodinokibi/REvil.
‘Ransomware groups like them pose a serious, unacceptable threat to our safety and our economic well-being.
‘We will continue to broadly target their actors and facilitators, their infrastructure, and their money, wherever in the world those might be.’