The Justice Department announced that an alleged member of the REvil hacking organization was arrested and indicted. The group is linked to ransomware attacks against an Apple supplier and the IT firm Kaseya. The department says Yaroslav Vasinskyi, a Ukrainian national, is being extradited to the US. He was detained by Polish authorities in October, and indicted for cybercrimes by the US in August. This information has now been unveiled in a court document. The arrest and the government's seizure of assets linked to REvil's operations are another step in fighting ransomware.
DOJ claims that it also seized assets worth $6.1 million from the FTX cryptocurrency trading exchange. These assets were allegedly linked with REvil ransomware. Russian national Yevgeniy Polyanin was also indicted on charges of conspiring with REvil to target corporate and government targets. Polyanin was also arrested in August. However, CNN and the DOJ report that he has not been captured yet.
REvil would wipe out company backups before encrypting their data
The indictments below detail REvil's alleged actions of hacking into computer networks and taking control of them. REvil is then accused of stealing data from companies and locking out the rightful owners by encrypting the data and deleting backups. Companies would be able to access the data again if they paid a ransom. Otherwise, their data could be sold or posted on the internet. Quanta, an Apple supplier, was a victim of this. Quanta's documents detailing Apple's new MacBooks were published to REvil's blog long before any official information.
The indictments do not specify what role Vasinskyi or Polyanin played in the attacks; they only accuse them of being involved in the attacks and of working with other members to execute them. If convicted of all charges, Vasinskyi or Polyanin could face more than 100 years' imprisonment, according to the Department of Justice. Two more people were also detained by REvil. The government is willing to spend big to catch more alleged members. It offers a reward of up to $10M for information leading to the arrests of REvil leaders and $5M for information about those trying to work for them.
As ransomware becomes more costly, the US is turning its attention to ransomware.
The government is working against ransomware operators by pursuing and arresting REvil users. Reports started to surface in October that the FBI, Cyber Command, and the Secret Service had taken REvil's website offline with some of their own tactics. REvil was named by the Treasury Department in a report as one of the largest ransomware organizations based on its payout size.
Ransomware attacks on major US targets have increased in recent years. The US government has created a ransomware task force and set up a team of investigators to look into cryptocurrency-related crimes. In a statement, President Joe Biden said that the government will use its "full power" to "disrupt malignant cyber activity and actors" and that it would make arrests and seize financial assets to help track down cyber criminals. Acting US Attorney Chad E. Meacham also said that the Justice Department would "delve into the darkest corners and farthest reaches of the globe to find cyber criminals."
Unsealed Vasinskyi indictment
Unsealed Indictment on Polyanin