DOJ charges REvil ransomware leaders with Kaseya attack

November 10, 2021

The U.S. Department of Justice (DOJ) arrested and charged a Ukrainian national for their involvement in the ransomware attack against IT company Kaseya in July.

According to the DOJ, the individual, Yaroslav Vasinskyi, has been charged with deploying Sodinokibi/REvil ransomware to attack businesses and government entities in the United States.

The department also announced it had seized $6.1 million from Yevgeniy Polyanin, a Russian national, who is also charged with conducting Sodinokibi/REvil ransomware attacks against multiple victims, including businesses and government entities in Texas on or about Aug. 16, 2019.

Vasinskyi and Polyanin reportedly accessed the internal computer networks of several victim companies and deployed Sodinokibi/REvil ransomware to encrypt the data on the computers of victim companies.

Vasinskyi and Polyanin are charged in separate indictments with conspiracy to commit fraud and related activity in connection with computers, substantive counts of damage to protected computers, and conspiracy to commit money laundering. If convicted of all counts, each faces a maximum penalty of 115 and 145 years in prison, respectively.

“The arrest of Yaroslav Vasinskyi, the charges against Yevgeniy Polyanin and seizure of $6.1 million of his assets, and the arrests of two other Sodinokibi/REvil actors in Romania are the culmination of close collaboration with our international, U.S. government and especially our private sector partners,” said FBI Director Christopher Wray. “The FBI has worked creatively and relentlessly to counter the criminal hackers behind Sodinokibi/REvil. Ransomware groups like them pose a serious, unacceptable threat to our safety and our economic well-being. We will continue to broadly target their actors and facilitators, their infrastructure, and their money, wherever in the world those might be.”

The case is part of the DOJ’s Ransomware and Digital Extortion Task Force, which was created to combat the growing number of ransomware and digital extortion attacks. The U.S. Attorney’s Office for the Northern District of Texas, the FBI’s Dallas and Jackson Field Offices, and the Criminal Division’s Computer Crime and Intellectual Property Section conducted the operation in close cooperation with Europol and Eurojust. Investigators and prosecutors from several jurisdictions, including Romania’s National Police and the Directorate for Investigating Organised Crime and Terrorism; Canada’s Royal Canadian Mounted Police; France’s Court of Paris and BL2C (anti-cybercrime unit police); Dutch National Police; Poland’s National Prosecutor’s Office, Border Guard, Internal Security Agency, and Ministry of Justice; and the governments of Norway and Australia provided valuable assistance.

The U.S. Department of the Treasury Financial Crimes Enforcement Network (FinCEN), Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), Germany’s Public Prosecutor’s Office Stuttgart and State Office of Criminal Investigation of Baden-Wuerttemberg; Switzerland’s Public Prosecutor’s Office II of the Canton of Zürich and Cantonal Police Zürich; United Kingdom’s National Crime Agency; U.S. Secret Service; Texas Department of Information Resources; Bitdefender; McAfee; and Microsoft also provided significant assistance.

Maria Henriquez joined Security Magazine in 2019 as its Associate Editor. Since then, she has been covering the security industry and reporting on issues affecting enterprise security leaders, to include cybersecurity, leadership and management, risk and resilience and pressing security challenges facing the industry.

Ransomware and the propulsion of the extortion economy has rapidly eclipsed into a national priority. Recently, we observed the catastrophic impact of a widescale ransomware attack impacting gas pipelines and raising national gas prices overnight.