U.S. Government Acts Against Alleged REvil Hackers
The Justice Department announced two indictments while the State Department offered $10 million for information on other conspirators.
Federal agencies are claiming another victory in a global collaboration against ransomware with the indictment of two people allegedly behind the notorious REvil ransomware group and sanctions for them along with the virtual currency exchange Chatex.
Deputy Attorney General Lisa Monaco addressed would-be ransomware criminals directly in a press release Monday.
“In another success for the department’s recently launched Ransomware and Digital Extortion Task Force, criminals now know we will take away your profits, your ability to travel, and – ultimately – your freedom,” she said. “Together with our partners at home and abroad, the Department will continue to dismantle ransomware groups and disrupt the cybercriminal ecosystem that allows ransomware to exist and to threaten all of us.”
Justice released indictments for 22-year-old Ukranian national Yaroslav Vasinskyi and 28-year-old Russian national Yevgeniy Polyanin in connection with the July attack on Software firm Kaseya, which affected as many as 1,500 of their customers and exposed public and private organizations across the globe to attack. The department also seized $6.1 million in assets associated with ransomware payments from Polyanin. U.S. officials described the actions as a coordinated effort to go after the ransomware perpetrators behind a series of high-profile attacks on critical infrastructure this year.
Justice release credited authorities in Ukraine and Poland for the arrest of Vasinskyi, who is awaiting extradition to the U.S., as well as those in Romania for additional arrests in connection with the REvil group.
A release from the Treasury Department Monday noted the designation of Vasinskyi and Polyanin as sanctioned individuals along with their second-ever virtual currency exchange.
“Unprincipled virtual currency exchanges like Chatex are critical to the profitability of ransomware activities, especially by laundering and cashing out the proceeds for criminals,” reads the release. “Treasury will continue to use all available authorities to disrupt malicious cyber actors, block ill-gotten criminal proceeds, and deter additional actions against the American people.”
Other financial entities were also designated for their association with Chatex. Treasury’s Financial Crimes Enforcement Network on Monday also updated its guidance for the industry to avoid associating with potential sanctioned entities, including by facilitating ransomware payments.
The State Department, meanwhile, is offering a reward of up to $10 million for information that would help pinpoint and locate leaders of the ransomware group. State offered a similar reward on Thursday for information on those affiliated with the DarkSide ransomware group, which took responsibility for the Colonial Pipeline attack in May.
President Joe Biden praised all the agencies involved and referenced his meeting with Russian President Vladimir Putin following that attack.
“I commend the Department of Justice, and the FBI, the Department of State, and Department of the Treasury for their efforts to counter cyber threats,” he said in a press release. “When I met with President [Vladimir] Putin in June, I made clear that the United States would take action to hold cybercriminals accountable. That’s what we have done today.”