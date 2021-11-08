

US charges 2 suspected major ransomware operators

By ERIC TUCKER, ALAN SUDERMAN
The Associated Press

WASHINGTON (AP) — A suspected Ukrainian hacker has been arrested and charged in the United States in connection with a string of costly ransomware attacks, including one that snarled businesses around the globe on the Fourth of July weekend, U.S. officials said Monday.

Yaroslav Vasinskyi was arrested last month after traveling to Poland, according to the Justice Department, which also announced the recovery of $6.1 million in ill-gotten funds from a Russian national who was separately charged and remains sought by the FBI.

Both men are alleged to be affiliated with the prolific Russia-based REvil ransomware gang, whose attacks have compromised tens of thousands of computers worldwide and yielded at least $200 million in extorted ransom payments, said Attorney General Merrick Garland. Victims have included the world’s largest meat processor, JBS SA, and a technology company called Kaseya, which was hit in a holiday weekend attack that the company said affected between 800 and 1,500 businesses that relied on its software.

The coordination of multiple agencies across the Biden administration amounted to perhaps the most high-profile response to date to a blitz of ransomware attacks that officials say continues to threaten national security and the economy. Deputy Attorney General Lisa Monaco appeared to foreshadow Monday’s announcement in an interview with The Associated Press last week, saying that “in the days and weeks to come, you’re going to see more arrests” as well as more seizures of illicit ransomware proceeds.

Speaking at a news conference Monday, she said, “We have been using every tool at our disposal and leveraging every authority we have to hunt down and hold accountable cybercriminals wherever they seek to hide.”

The indictment accuses Vasinskyi, 22, of deploying REvil ransomware, also known as Sodinokibi, against victims around the world — including the massive Kaseya attack. Yevgeniy Polyanin, a Russian national, is charged in a separate indictment that accuses him of conducting roughly 3,000 ransomware attacks on companies and other entities across the U.S., including law enforcement agencies and local governments in the state of Texas.

Both indictments were filed in federal court in the Northern District of Texas, a state where REvil ransomware compromised the computer networks of some two dozen local government agencies in the summer of 2019.

The U.S. is seeking Vasinskyi’s extradition from Poland to Texas. Though it successfully recovered $6 million in ransomware payments from Polyanin, the FBI is continuing to seek his arrest, and the State Department on Monday announced a $10 million reward for anyone with information leading to the capture of any leaders of the REvil group.

The Treasury Department, meanwhile, announced sanctions against the pair as well as what it said was a virtual currency exchange, Chatex, used by ransomware gangs.

President Joe Biden commended the government’s actions, saying he was making good on his commitment to Russian leader Vladimir Putin that the U.S. would hold cyber criminals accountable. He said the U.S. was “bringing the full strength of the federal government to disrupt malicious cyber activity and actors” and to “bolster resilience at home.”

The announcement of the criminal charges came hours after European law enforcement officials revealed the results of a lengthy, 17-nation operation known as GoldDust. As part of that operation, Europol said, a total of seven hackers linked to REvil and another ransomware family have been arrested since February, including two last week by Romanian authorities.

The Justice Department has tried multiple ways to address a ransomware wave that it regards as a national security and economic threat. Arrests of foreign hackers are significant for the Justice Department since many of them operate in the refuge of countries that do not extradite their own citizens to the U.S. for prosecution.

“There’s lots of reasons why people travel, and I can’t get into the specific reasons why Mr. Vasinskyi traveled, but boy are we glad he did,” FBI Director Christopher Wray said Monday.

Even so, the ransomware threat has been hard to curb. Monaco told the AP last week that even since Biden’s admonitions to Putin last summer to rein in ransomware gangs, “we have not seen a material change in the landscape.”

Garland declined to answer directly when asked if there was evidence that the Russian government was aware of REvil’s activities, but said, “we expect and hope that any government where these ransomware actors is residing will do everything it can to provide that person to us for prosecution.”

The $6.1 million seizure in this case builds on a similar success from months ago.

The Justice Department in June seized $2.3 million in cryptocurrency from a payment made by Colonial Pipeline following a ransomware attack that caused the company to temporarily halt operations, creating fuel shortages in parts of the country.

___

Suderman reported from Richmond, Virginia. Associated Press writer Jake Bleiberg in Dallas contributed to this report.

____

Follow Eric Tucker on Twitter at http://www.twitter.com/etuckerAP.

Comments / 64

Jamie Kelly
6d ago

GOOD JOB! Global cooperation got the job done. Too bad Americans can’t figure out how to work together for the good of our country. Smh

Reply(5)
16
jody
6d ago

How much did we spend on cyber security in the infrastructure bill? $0. Do we remember the IRS got hacked and now they want access to our bank accounts.

Reply(8)
10
G. Moo
6d ago

probably have very strong Democratic ties one of them was probably in the list that Joe Biden shared with the Russians while Hunter was in China and then they switch to pick up the package of money you sure they're getting paid off

Reply
6