2021-11-08
The Ukrainian, Yaroslav Vasinskyi, allegedly was involved in an attack in July on Florida-based software firm Kaseya, according to court documents.
Vasinskyi hacked Kaseya and other companies, prosecutors said in an 11-count indictment that was unsealed in the Northern District of Texas on Friday and posted on Monday. Authorities arrested Vasinskyi on the Poland-Ukraine border on Oct. 8, and the United States wants him extradited from Poland, according to a court filing.
Vasinskyi conducted around 2,500 ransomware attacks in which REvil demanded a total of $767 million, according to the filing. In all, the hackers received around $2.3 million in ransom from those attacks, prosecutors said. Victims included organizations in eight states, including Texas.
The Justice Department also announced that authorities seized at least $6.1 million in funds allegedly linked to ransom payments received by Yevgeniy Polyanin, a Russian national also charged in connection with REvil attacks.
Ransomware is a form of malware that locks up computers by encrypting the data on them; the hackers then demand payment, often exorbitant, in exchange for the key needed to decrypt it.
Earlier Monday, European law enforcement agencies announced the Nov. 4 arrests in Romania of two other hackers affiliated with REvil, one of the most notorious Russian-speaking ransomware groups. The two hackers arrested allegedly pocketed nearly $600,000 in ransom payments, Europol said.
The arrests were the result of a wider-ranging European and American criminal investigation.
The Biden administration has made countering ransomware a top priority, and has elevated it to the level of a national security issue ever since the May attack on Colonial Pipeline, which led the company to temporarily shut down its pipeline and set off panic buying of gasoline across the East Coast.
REvil was responsible for an attack on JBS, the world’s largest meat supplier, in the spring. That attack temporarily shut down some company operations in Australia, Canada and the United States. JBS paid an $11 million ransom to unlock its computers, according to the company.
In July, REvil hacked Kaseya, compromising its VSA remote-monitoring and management software and using it to push a malicious update carrying ransomware to the systems that software managed. Dozens of Kaseya's direct customers, many of them managed service providers, were hit, and Kaseya estimated that between 800 and 1,500 businesses downstream of them ultimately were impacted, ranging from schools to grocery chains to hospitals.
REvil has claimed at least 300 victims since May 2019, according to the cyber threat intelligence firm Recorded Future.
The announcements Monday reflect a concerted effort by agencies across the federal government as well as by international partners to fight ransomware. Ransomware payments rose to more than $400 million globally last year, according to the White House.
Even more important than the arrests is the signal they send to these groups, said one senior administration official. It shows “that you can make inroads. You can hold these people at risk and therefore they’re not invincible. And we’re not alone,” the official said.
According to Europol, since February, law enforcement authorities have arrested three other affiliates of REvil. Affiliates are hackers who carry out the ransomware attacks on behalf of the group by deploying the malware on victims and giving the group — in this case REvil — a cut of the ransom.
At least 17 countries and international law enforcement agencies were involved in the operation targeting the group, Europol said.
The State Department plans to announce that it is adding REvil to a bounty program offering up to $10 million in reward for information leading to the identification or location of any key leader of REvil, according to officials.
Aaron Schaffer contributed to this report.