US seizes $6 million in ransom payments, accuses Ukrainian of major cyber attack

Yaroslav Vasinskyi, a Ukrainian national who was arrested in Poland last month, is accused of implementing a ransomware known as REvil, which has been used in attacks that have cost US companies millions of dollars. Vasinskyi carried out a ransomware attack over the weekend of July 4 against Florida-based software company Kaseya that infected up to 1,500 companies worldwide, according to an indictment revealed Monday.

Vasinskyi and another suspected REvil operative, Russian citizen Yevgeniy Polyanin, are charged with conspiracy to commit fraud and conspiracy to commit money laundering, among other charges. As part of the investigation, authorities seized at least $6 million in funds allegedly linked to ransom payments received by Polyanin, US officials said.

CNN was the first to report on the law enforcement actions before the Justice Department announcement.

The law enforcement raid is one of the most shocking actions so far in the Biden administration’s multi-pronged fight against ransomware, which was accelerated after a series of attacks that hampered US critical infrastructure companies this year. While some ransomware groups have continued to breach US companies and demand payments, others have been quiet in recent months.

Attorney General Merrick Garland told a news conference that the United States and its allies would do “everything in our power” to track down the ransomware operatives and recover the money “they have stolen from the American people.”

Vasinskyi, 22, is detained in Poland pending extradition proceedings from the United States, while Polyanin, 28, remains at large. CyberScoop first reported that Vasinskyi had been arrested.

On Monday, the Treasury Department also imposed sanctions on Vasinskyi and Polyanin, as well as the cryptocurrency exchange that has allegedly moved money for ransomware operations.

Meanwhile, the State Department announced a reward of up to $10 million for information leading to the identification or location of the leadership of the REvil ransomware gang. The department also offers up to $5 million for information leading to the arrest or conviction of anyone who conspires or attempts to participate in REvil ransomware attacks.

US officials have exercised diplomacy with the Russian government, sanctioned a cryptocurrency exchange and called on companies to raise their cyber defenses. But experts say that putting ransomware operators in handcuffs is a crucial part of America’s strategy to curb attacks. Romanian authorities arrested two additional suspected REvil operatives last week, Europol announced on Monday. And South Korean authorities last month extradited to the United States a Russian man accused of being part of a different criminal network that infected millions of computers around the world.

In a statement later Monday, President Joe Biden said: “We are bringing the full force of the federal government to disrupt malicious cyber activity and actors, strengthen resilience at home, address the abuse of virtual currency to launder ransom payments and leveraging cooperation to disrupt the ransomware ecosystem and address safe havens for ransomware criminals.”

The Biden administration has made fighting ransomware groups a priority

In June, Biden called on Russian President Vladimir Putin to crack down on criminal hackers holding American companies hostage. But the Russian government has historically been reluctant to go after cybercriminals on its own territory as long as the hackers refrain from attacking Russian targets.

Since the Biden-Putin summit, “we have not seen a material change in the landscape,” US Deputy Attorney General Lisa Monaco told the Associated Press in the past week. “Only time will tell what Russia can do on this front.”

Garland declined to comment Monday when asked if the Russian government was aware of REvil’s activity or condoned it, citing an ongoing investigation.

In a landscape cluttered with cybercriminals, REvil has stood out for a series of brazen attacks. The group reportedly demanded $50 million from Apple earlier this year after hacking into one of the tech giant’s suppliers.

The FBI also blamed REvil for a ransomware attack in May against JBS USA, which accounts for about a fifth of US beef production. The incident forced JBS to temporarily halt production at facilities in Australia, Canada and the United States. JBS paid the hackers $11 million to unlock their systems.

REvil has been deployed on some 175,000 computers worldwide, with at least $200 million paid in ransom, Garland said Monday.

Polyanin reportedly carried out around 3,000 ransomware attacks, including some on law enforcement agencies and municipalities throughout Texas, Garland said.

REvil has had a volatile few months. The websites the group uses to extract ransoms and shame victims went offline after the Kaseya hack, only to resurface in September. But the group shut down again last month after a foreign government and Cyber Command, the US military’s hacking unit, compromised the group’s computing infrastructure, according to a Washington Post report.

State Department Offers $10 Million for Information on Colonial Pipeline Hackers

To increase the pressure, the State Department last week announced a $10 million reward for key information about the hackers behind the so-called DarkSide ransomware, which forced major US fuel supplier Colonial Pipeline to shut down for days in May.

Government agencies have relied heavily on private experts in their search for criminal hackers. The cybersecurity company Emsisoft, for example, saved victims of one type of ransomware millions of dollars in ransom payments by discovering a flaw in the hackers’ code.

John Fokker, a former Dutch cybercrime investigator who now works with cybersecurity firm McAfee Enterprise, told CNN that his team had helped law enforcement identify several suspects involved in REvil and Gandcrab, another type of ransomware.

No single police action will be a fatal blow to the lucrative transnational ransomware economy.

Victims of ransomware attacks paid around $350 million in ransoms in 2020, according to Chainalysis, a company that tracks cryptocurrencies. But that figure is probably just a fraction of the digital extortion that occurred that year. And victims who do not pay the ransom can spend millions of dollars rebuilding their computing infrastructure.

FBI Director Christopher Wray told US lawmakers in September that the office was investigating more than 100 different types of ransomware.

CNN’s Evan Pérez contributed to this report.
