U.S. accuses man held in Poland with Kaseya ransomware attack, seizes $6 million

The United States continues to make good on its promise to go after cyber attackers, with the latest move the unsealing of charges against two people allegedly deploying Sodinokibi/REvil ransomware to attack businesses and government entities in the United States.

Yaroslav Vasinskyi, 22, a Ukrainian national, being held now in Poland, is named in an indictment, accused of conducting ransomware attacks against multiple victims, including the July attack against Kaseya.

Vasinskyi was taken into custody on Oct. 8 in Poland, where he is being held pending an extradition hearing to the United States. In parallel with the arrest, the U.S. Justice Department said, interviews and searches were carried out in multiple counties. A news report last month said Vasinskyi was arrested in a village on the Ukraine-Polish border. Today the U.S. said his arrest would not have been possible without the rapid response of the National Police of Ukraine and the Prosecutor Governor’s Office of Ukraine.

UPDATE: On March 10, 2022 the U.S Justice Department said Vasinski had been extradited to the U.S. 

The department also announced today the seizure of US$6.1 million in funds traceable to alleged ransom payments received by Yevgeniy Polyanin, 28, a Russian national, who is also charged with conducting Sodinokibi/REvil ransomware attacks against multiple victims, including businesses and government entities in Texas in 2019. It isn’t clear where Polyanin is now.

The Bleeping Computer news service notes that in a space of five months, seven affiliates of the REvil gang have been arrested.

As part of the latest indictments, the U.S. credited a number of law enforcement agencies around the world with their help, including the RCMP.

“Cybercrime is a serious threat to our country, to our personal safety, to the health of our economy, and to our national security,” U.S. Attorney General Garland said in a statement. “Our message today is clear. The United States, together with our allies, will do everything in our power to identify the perpetrators of ransomware attacks, to bring them to justice, and to recover the funds they have stolen from their victims.”

According to court documents, Vasinskyi was allegedly responsible for the July 2 ransomware attack against Kaseya. In the alleged attack, the U.S. says Vasinskyi caused the deployment of Sodinokibi/REvil code through a Kaseya product that caused it to spread the ransomware to customers around the world.

Vasinskyi and Polyanin are charged in separate indictments with conspiracy to commit fraud and related activity in connection with computers, substantive counts of damage to protected computers, and conspiracy to commit money laundering.

If convicted of all counts, each faces a maximum penalty of 115 and 145 years in prison, respectively.

Among those who commented on the arrests was Andy Bennett, currently chief information security officer (CISO) of Apollo Information Systems, who was part of a team that had to respond to the Texas attacks. “I could not be happier to see these particular threat actors brought to justice,” he said in a statement, “as it was REvil/Sodin who hit 23 local governments in Texas in August of 2019.  I was the incident commander for that incident, and we did not pay the ransom. I don’t know if information gathered from our incident contributed materially to this success, but I would like to think that we did our part.”

“The significance of these arrests is that ransomware just became a high-risk activity,” he added. “Up to this point, ransomware was a relatively low risk, high reward proposition for enterprising criminals.  It was seen, even by law enforcement, as nearly impossible to catch and prosecute ransomware gangs operating in Eastern Europe and other parts of the world due to difficulties in tracking and controlling cryptocurrencies used for payment and massive procedural and jurisdictional hurdles.  Clearly, these are no longer showstoppers and it will definitely put the rest of the ransomware gangs on edge and on notice that they could be next.  REvil was one of the most prolific ransomware gangs and they were virtually untouchable, until now.”

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now