REvil ransomware attacks: US announces crackdown on Russia-linked hackers as two charged and $6.1m seized

Andrew Feinberg
Monday 08 November 2021 22:11
Garland announces anti-ransomware crackdown

The Department of Justice on Monday announced a major crackdown on Russia-linked ransomware gangs, including the seizure of $6.1m from one ransomware actor and the unsealing of charges against two men linked to ransomware attacks this past year.

One of the two, Yaroslav Vasinskyi of Ukraine, was taken into custody in Poland last month, and has had $6.1m in assets seized by the Justice Department. The other, a Russian national called Yevgeniy Polyanin, remains at large.

Both men are facing charges for their roles in the deployment of ransomware known as REvil, which was used in a 2 July attack against a Florida software company called Kaseya as well as in attacks on numerous companies, including the hack of Colonial Pipeline this past May.

That attack, which temporarily shuttered the company’s 5,500-mile gas pipeline, cut the east coast of the US off from 45 per cent of its usual fuel supply.

“The Justice Department is sparing no resource to identify and bring to justice anyone, anywhere who targets the United States with a ransomware attack,” Attorney General Merrick Garland said at a Monday press conference announcing the charges.

Mr Garland said Mr Vasinskyi was indicted on 11 August on charges of “conspiring to commit intentional damage to protected computers and to extort in relation to that damage, causing intentional damage to protected computers, and conspiring to commit money laundering,” for his role in the attack on Kaseya.

The attorney general said Mr Polyanin also faces similar charges for the use of REvil ransomware to extort approximately $13m from victims.

Additionally, the State Department announced a reward of up to $10m for information leading to the identification or location of anyone involved in the REvil organization, or up to $5m for information leading to the arrest or conviction of anyone who participates in an REvil attack.

In a statement, State Department spokesperson Ned Price said the reward is meant to be a way the US “demonstrates its commitment to protecting ransomware victims around the world from exploitation by cyber criminals” and “looks to nations who harbor ransomware criminals that are willing to bring justice for those victim businesses and organizations affected by ransomware”.

Deputy Attorney General Lisa Monaco said the department’s success in going after the perpetrators of the Kaseya hack came about because the company reported the attack quickly and cooperated with law enforcement.

“What you see here today is a united front and our message should be clear: If you target victims here, we will target you and the Department of Justice won’t give up until you are held accountable,” she said.

In a statement, President Joe Biden said cybersecurity has been “a core priority” of his administration since its earliest days.

“We are bringing the full strength of the federal government to disrupt malicious cyber activity and actors, bolster resilience at home, address the abuse of virtual currency to launder ransom payments, and leverage international cooperation to disrupt the ransomware ecosystem and address safe harbors for ransomware criminals,” Mr Biden said.

“While much work remains to be done, we have taken important steps to harden our critical infrastructure against cyberattacks, hold accountable those that threaten our security, and work together with our allies and partners around the world to disrupt ransomware networks — and my Administration will continue to use every tool available to us to protect the American people and American interests against cyber threats”.
