DOJ charges REvil ransomware leaders with Kaseya attack

The U.S. Department of Justice (DOJ) arrested and charged a Ukrainian national for their involvement in the ransomware attack against IT company Kaseya in July.

According to the DOJ, the individual, Yaroslav Vasinskyi, has been charged with deploying Sodinokibi/REvil ransomware to attack businesses and government entities in the United States.

The department also announced it had seized $6.1 million from Yevgeniy Polyanin, a Russian national, who is also charged with conducting Sodinokibi/REvil ransomware attacks against multiple victims, including businesses and government entities in Texas on or about Aug. 16, 2019.

Vasinskyi and Polyanin reportedly accessed the internal computer networks of several victim companies and deployed Sodinokibi/REvil ransomware to encrypt the data on the computers of victim companies.

Vasinskyi and Polyanin are charged in separate indictments with conspiracy to commit fraud and related activity in connection with computers, substantive counts of damage to protected computers, and conspiracy to commit money laundering. If convicted of all counts, each faces a maximum penalty of 115 and 145 years in prison, respectively.

“The arrest of Yaroslav Vasinskyi, the charges against Yevgeniy Polyanin and seizure of $6.1 million of his assets, and the arrests of two other Sodinokibi/REvil actors in Romania are the culmination of close collaboration with our international, U.S. government and especially our private sector partners,” said FBI Director Christopher Wray. “The FBI has worked creatively and relentlessly to counter the criminal hackers behind Sodinokibi/REvil. Ransomware groups like them pose a serious, unacceptable threat to our safety and our economic well-being. We will continue to broadly target their actors and facilitators, their infrastructure, and their money, wherever in the world those might be.”

The case is part of the DOJ’s Ransomware and Digital Extortion Task Force, which was created to combat the growing number of ransomware and digital extortion attacks. The U.S. Attorney’s Office for the Northern District of Texas, the FBI’s Dallas and Jackson Field Offices, and the Criminal Division’s Computer Crime and Intellectual Property Section conducted the operation in close cooperation with Europol and Eurojust. Investigators and prosecutors from several jurisdictions, including Romania’s National Police and the Directorate for Investigating Organised Crime and Terrorism; Canada’s Royal Canadian Mounted Police; France’s Court of Paris and BL2C (anti-cybercrime unit police); Dutch National Police; Poland’s National Prosecutor’s Office, Border Guard, Internal Security Agency, and Ministry of Justice; and the governments of Norway and Australia provided valuable assistance.

The U.S. Department of the Treasury Financial Crimes Enforcement Network (FinCEN), Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), Germany’s Public Prosecutor’s Office Stuttgart and State Office of Criminal Investigation of Baden-Wuerttemberg; Switzerland’s Public Prosecutor’s Office II of the Canton of Zürich and Cantonal Police Zürich; United Kingdom’s National Crime Agency; U.S. Secret Service; Texas Department of Information Resources; Bitdefender; McAfee; and Microsoft also provided significant assistance.

Maria Henriquez is a former Associate Editor of Security. She covered topics including cybersecurity and physical security, risk management and more.

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

In today's rapidly evolving security landscape, organizations face an ever-growing array of disruptive events, security threats and risks. Traditional reactive approaches to security intelligence often leave businesses vulnerable and ill-prepared to anticipate and mitigate emerging threats that could impact the safety of their people, facilities or operations.