WASHINGTON (AP) – A suspected Ukrainian hacker has been arrested and charged in the United States in connection with a series of costly ransomware attacks, including one that disrupted businesses around the world over the weekend of July 4, US officials said on Monday.
Yaroslav Vasinskyi was arrested last month after a trip to Poland, according to the Justice Department, which also announced the recovery of $6.1 million in ill-gotten funds from a Russian national who was charged separately and is wanted by the police.
Both men are believed to be affiliated with the Russia-based ransomware gang REvil, which has been blamed for hacks that extorted at least $200 million in payments, said Attorney General Merrick Garland. Last year, the victims included the world’s largest meat processor, JBS SA, and a software company called Kaseya, in a holiday weekend attack that the company said affected between 800 and 1,500 companies.
The involvement of multiple agencies in the Biden administration has been perhaps the most high-profile response to date to a blitz of ransomware attacks that officials say continue to threaten national security and the economy. Deputy Attorney General Lisa Monaco appeared to foreshadow the announcement in an interview with The Associated Press last week, saying that “in the days and weeks to come you are going to see more arrests.”
Speaking at a press conference on Monday, she said: “We have used every tool at our disposal and leveraged every authority at our disposal to track down and hold cybercriminals to account wherever they seek to hide.”
The indictment accuses 22-year-old Vasinskyi of deploying REvil ransomware, also known as Sodinokibi, against victims around the world, including in the massive Kaseya attack. Yevgeniy Polyanin, a Russian national, is charged in a separate indictment accusing him of participating in a series of attacks and leaving electronic notes on victims’ computers to help them pay ransoms and decrypt their files.
The two indictments were filed in federal court in the Northern District of Texas, a state where the REvil ransomware compromised the computer networks of some 20 local government agencies in the summer of 2019.
The United States is requesting the extradition of Vasinskyi from Poland to Texas. Despite successfully recovering $6 million in ransomware payments from Polyanin, the FBI continues to seek his arrest, and the State Department on Monday announced a reward of $10 million for anyone with information leading to the capture of any leader of the REvil group.
The Treasury Department, meanwhile, announced sanctions against the pair as well as against Chatex, a virtual currency exchange that it said has been used by ransomware gangs.
President Joe Biden praised the government’s actions, saying he was keeping his commitment to Russian leader Vladimir Putin that the United States would hold cybercriminals accountable. He said the United States was “using all the strength of the federal government to disrupt cyber activities and malicious actors” and to “build resilience at home.”
The announcement of the criminal charges came hours after European law enforcement revealed the results of a lengthy operation in 17 countries known as GoldDust. As part of the operation, Europol said, a total of seven hackers linked to REvil and another ransomware family have been arrested since February, including two last week by Romanian authorities.
The Justice Department has tried multiple ways to deal with a wave of ransomware it sees as a threat to national security and the economy. Arrests of foreign hackers are important to the Justice Department, as many of them operate in the safe haven of countries that do not extradite their own citizens to the United States for prosecution.
“There are a lot of reasons why people travel, and I cannot go into the specific reasons why Mr. Vasinskyi traveled, but we are happy that he did,” said the director of the FBI, Christopher Wray.
Despite this, the threat of ransomware has been difficult to contain. Monaco told the AP last week that even since Biden’s warnings to Putin last summer to curb ransomware gangs, “we haven’t seen a significant change in the landscape.”
Garland declined to respond directly when asked if there was any evidence the Russian government knew about REvil’s activities, but said we are suing.
The $6.1 million seizure in that case builds on a similar success from months ago.
In June, the Justice Department seized $2.3 million in cryptocurrency from a payment made by Colonial Pipeline following a ransomware attack that caused the company to temporarily shut down operations, creating fuel shortages in parts of the country.
Suderman reported from Richmond, Virginia. Associated Press writer Jake Bleiberg in Dallas contributed to this report.
Follow Eric Tucker on Twitter at http://www.twitter.com/etuckerAP.
Copyright 2021 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed without permission.