US seizes $6 million in ransom payments and expected to charge Ukrainian over major cyberattack

Yaroslav Vasinskyi, a Ukrainian national who was arrested in Poland last month, is to face US charges for deploying ransomware known as REvil, which has been used in hacks that have cost US firms millions of dollars. Vasinskyi conducted a ransomware attack over the Fourth of July weekend on Florida-based software firm Kaseya that infected up to 1,500 businesses around the world, according to the charges the Justice Department is expected to announce.

Vasinskyi and another alleged REvil operative, Russian national Yevgeniy Polyanin, are expected to be charged with conspiracy to commit fraud and conspiracy to commit money laundering, among other charges. As part of the investigation, authorities seized at least $6 million in funds allegedly linked to ransom payments received by Polyanin, US officials are expected to announce.

Vasinskyi, 22, is being held in Poland pending US extradition proceedings, while Polyanin, 28, remains at large.

The law enforcement bust is one of the most impactful actions yet in the Biden administration’s multipronged fight against ransomware, which accelerated after a series of hacks hampered US critical infrastructure firms this year. While some ransomware groups have continued to breach US companies and demand payment, others have gone quiet in recent months.

US officials have pursued diplomacy with the Russian government, sanctioned a cryptocurrency exchange and exhorted companies to raise their cyber defenses. But experts say that putting ransomware operators in handcuffs is a crucial part of the US strategy to curb attacks. Romanian authorities last week arrested two additional alleged REvil operatives, Europol announced Monday. And South Korean authorities last month extradited to the US a Russian man accused of being part of a different crime ring that infected millions of computers worldwide.

In a crowded landscape of cyber crooks, REvil has stood out for a series of brazen attacks. The group reportedly demanded $50 million from Apple earlier this year after hacking one of the tech giant’s suppliers.

The FBI has also blamed REvil for a May ransomware attack on JBS USA, which accounts for about a fifth of US beef production. The incident forced JBS to temporarily shut down production at facilities in Australia, Canada and the US. JBS paid the hackers $11 million to unlock their systems.

REvil has had a volatile few months. The websites the group uses to extract ransoms and shame victims went offline after the Kaseya hack, only to reemerge in September. But the group shut down again last month after a foreign government and Cyber Command, the US military’s hacking unit, compromised the group’s computer infrastructure, according to a Washington Post report.

President Joe Biden in June asked Russian President Vladimir Putin to take action against criminal hackers that were holding US companies hostage. But the Russian government has historically been reluctant to pursue cybercriminals on its own soil as long as the hackers refrain from hitting Russian targets.

Since the Biden-Putin summit, “We have not seen a material change in the landscape,” US Deputy Attorney General Lisa Monaco told the Associated Press last week. “Only time will tell as to what Russia may do on this front.”

To turn up the pressure, the State Department last week announced a $10 million reward for key information on the hackers behind the so-called DarkSide ransomware, which forced major US fuel provider Colonial Pipeline to shut down for days in May.

No single law enforcement action will be a fatal blow to the lucrative, transnational ransomware economy.

Victims of ransomware attacks paid about $350 million in ransoms in 2020, according to Chainalysis, a firm that tracks cryptocurrency. But that figure is likely just a fraction of the digital extortion that went on that year. And victims who don’t pay the ransom can spend millions of dollars rebuilding their computer infrastructure.

FBI Director Christopher Wray told US lawmakers in September that the bureau was investigating more than 100 different types of ransomware.

CNN’s Evan Perez contributed reporting.

source: cnn.com