DOJ charges 2 involved with REvil hacking group; $6 million recovered

by mcardinal

Willie R. Tubbs, FISM News

A U.S. Department of Justice counterattack on hackers has yielded a pair of arrests and the recovery of millions of dollars from men believed to be associated with the hacking group that attacked numerous American businesses over the past year. 

On Monday, Attorney General Merrick Garland announced in a speech that two men, one from Ukraine and the other a Russian national, had been charged in connection with a ransomware attack on Kaseya, a multinational company that provides internet security and infrastructure services.

Garland announced that Yaroslav Vasinskyi, known by the online moniker Rabotnik, had been indicted in August for his role in an attack on Kaseya that resulted in thousands of Kaseya’s customers’ computers being infected and hundreds of millions of dollars in ransom paid to the hackers. 

Additionally, Vasinskyi is believed to be among the people responsible for creating the software the criminal group REvil used to attack servers. 

According to Garland, Vasinskyi was arrested when he traveled from Ukraine to Poland over the summer. Polish officials, at the urging of the United States, made the initial arrest. 

Vasinskyi’s indictment had previously been sealed, but Garland said he elected to make this information public as the “arrest demonstrates how quickly we will act, alongside our international partners, to identify, locate and apprehend alleged cybercriminals – no matter where they are located.”

Garland also announced the indictment of Yevgeniy Polyanin, a Russian national, for charges relating to 3,000 cyberattacks on companies across the nation, as well as law enforcement agencies and municipalities in Texas. No information was provided on where or how Polyanin was arrested. 

The Justice Department also announced the seizure of $6.1 million of Polyanin’s assets, a substantial sum but still a fraction of the at least $200 million in ransom REvil hackers collected from U.S. victims.

“Ransomware attacks are fueled by criminal profits,” Garland said. “That is why we are not just pursuing the individuals responsible for those attacks. We are also committed to capturing their illicit profits and returning them, whenever we can, to the victims from whom they were extorted.”

Kaseya has been forced to take drastic measures to restore its customers’ faith in the company’s security. In mid-October, the company announced it had hired a former FBI special agent to oversee its cybersecurity.

Other notable REvil victims include the JBS meatpacking company and wireless provider T-Mobile.

In the wake of the Kaseya incident, and following a meeting with Russian President Vladimir Putin, President Joe Biden ordered an investigation into ransomware attacks being launched on U.S. businesses. 

“When I met with President Putin in June, I made clear that the United States would take action to hold cybercriminals accountable,” Biden said in a statement. “That’s what we have done today. We are bringing the full strength of the federal government to disrupt malicious cyber activity and actors, bolster resilience at home, address the abuse of virtual currency to launder ransom payments, and leverage international cooperation to disrupt the ransomware ecosystem and address safe harbors for ransomware criminals.”

This is the most recent in a series of countermeasures taken by various U.S. agencies and experts to stifle the rise of ransomware attacks.

In June, following a ransomware attack on the Colonial Pipeline, the Justice Department’s Ransomware Taskforce recovered most of the money Colonial paid for the restoration of access to its system. 

In late October, U.S. cyber experts managed to force REvil offline by hacking into the criminal enterprise’s servers. Four days ago, the Department of State offered $10 million for information on the identity and location of the DarkSide ransomware criminal group.