Tuesday, January 25, 2022

U.S. accuses man held in Poland of Kaseya ransomware attack, seizes $6 million

The United States continues to make good on its promise to go after cyber attackers, the latest move being the unsealing of charges against two people who allegedly deployed Sodinokibi/REvil ransomware to attack businesses and government entities in the United States.

Yaroslav Vasinskyi, 22, a Ukrainian national now being held in Poland, is named in an indictment accusing him of conducting ransomware attacks against multiple victims, including the July attack against Kaseya.

Vasinskyi was taken into custody on Oct. 8 in Poland, where he is being held pending an extradition hearing to the United States. In parallel with the arrest, the U.S. Justice Department said, interviews and searches were carried out in multiple countries. A news report last month said Vasinskyi was arrested in a village on the Ukraine-Polish border. Today the U.S. said his arrest would not have been possible without the rapid response of the National Police of Ukraine and the Prosecutor General’s Office of Ukraine.

The department also announced today the seizure of US$6.1 million in funds traceable to alleged ransom payments received by Yevgeniy Polyanin, 28, a Russian national, who is also charged with conducting Sodinokibi/REvil ransomware attacks against multiple victims, including businesses and government entities in Texas in 2019. It isn’t clear where Polyanin is now.

The Bleeping Computer news service notes that in a space of five months, seven affiliates of the REvil gang have been arrested.

As part of the latest indictments, the U.S. credited a number of law enforcement agencies around the world with their help, including the RCMP.

“Cybercrime is a serious threat to our country, to our personal safety, to the health of our economy, and to our national security,” U.S. Attorney General Garland said in a statement. “Our message today is clear. The United States, together with our allies, will do everything in our power to identify the perpetrators of ransomware attacks, to bring them to justice, and to recover the funds they have stolen from their victims.”

According to court documents, Vasinskyi was allegedly responsible for the July 2 ransomware attack against Kaseya. In the alleged attack, the U.S. says Vasinskyi caused the deployment of Sodinokibi/REvil code through a Kaseya product that caused it to spread the ransomware to customers around the world.

Vasinskyi and Polyanin are charged in separate indictments with conspiracy to commit fraud and related activity in connection with computers, substantive counts of damage to protected computers, and conspiracy to commit money laundering.

If convicted of all counts, each faces a maximum penalty of 115 and 145 years in prison, respectively.

Among those who commented on the arrests was Andy Bennett, currently chief information security officer (CISO) of Apollo Information Systems, who was part of a team that had to respond to the Texas attacks. “I could not be happier to see these particular threat actors brought to justice,” he said in a statement, “as it was REvil/Sodin who hit 23 local governments in Texas in August of 2019. I was the incident commander for that incident, and we did not pay the ransom. I don’t know if information gathered from our incident contributed materially to this success, but I would like to think that we did our part.”

“The significance of these arrests is that ransomware just became a high-risk activity,” he added. “Up to this point, ransomware was a relatively low risk, high reward proposition for enterprising criminals. It was seen, even by law enforcement, as nearly impossible to catch and prosecute ransomware gangs operating in Eastern Europe and other parts of the world due to difficulties in tracking and controlling cryptocurrencies used for payment and massive procedural and jurisdictional hurdles. Clearly, these are no longer showstoppers and it will definitely put the rest of the ransomware gangs on edge and on notice that they could be next. REvil was one of the most prolific ransomware gangs and they were virtually untouchable, until now.”

Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com