Close this search box.

Two Prominent Ransomware Hackers Targeted by U.S. Authorities

The author

“Our message to ransomware criminals is clear: If you target victims here, we will target you,” reads the warning from Deputy U.S. Attorney General Lisa Monaco. It’s no idle threat, either—it was attached to a press release detailing the arrest of two people allegedly involved in several Sodinokibi/REvil ransomware attacks.

Ukrainian national Yaroslav Vasinskyi, 22, was one of those arrested. He was allegedly responsible for the high-profile Kaseya attack in July, which injected ransomware into the systems of up to 1,500 victims via Kaseya’s VSA remote monitoring and management tool.

(Editor’s Note: to help protect your organization, ActualTech Media has published the definitive guide to ransomware. Get it here.)

The government action went beyond just arrests. The U.S. seized an alleged $6.1 million ransom payment made to Yevgeniy Polyanin, 28, a Russian national. He’s charged with using Sodinokibi/REvil ransomware attacks against multiple victims, including businesses and government entities, in Texas in August 2019.

Vasinskyi was arrested in October by Polish authorities at a border station while crossing from Ukraine into Poland. The U.S. Department of Justice (DOJ) issued the arrest warrant. According to The Hacker News, Vasinskyi is alleged to have been part of the ransomware operation at least since March 2019. He is accused of deploying about 2,500 attacks against businesses worldwide. Polyanin, according to the most recent information, is still at large.

As part of the Kaseya attack, REvil demanded a $70 million ransom, believed to be the largest ransom demand ever. CRN reported at the time the following message from a REvil website:

“On Friday (02.07.2021), we launched an attack on MSP providers,” REvil wrote on its dark web leak site late Sunday. “More than a million systems were infected. If anyone wants to negotiate about universal decryptor – our price is $70,000,000 BTC [Bitcoin] and we will publicly publish decryptor that decrypts files of all victims, so everyone will be able to recover from attack in less than an hour.”

Things have changed dramatically for REvil recently, however. The cabal was subjected to its own attack, courtesy of a multi-national effort to shut it down. The alliance of cyber-intelligence  and law enforcement experts compromised a number of REvil servers—through the common ransomware method of corrupting backups—and took down its network. REvil was also responsible for the famous Colonial Pipeline attack in May 2021.

As of the the time of this writing, there is no public indication that REvil has re-opened for business. However, ransomware actors typically re-form under another name when current operations are disrupted or killed.

The DOJ detailed the charges against the alleged hackers. It’s a frightening statement:

Vasinskyi and Polyanin are charged in separate indictments with conspiracy to commit fraud and related activity in connection with computers, substantive counts of damage to protected computers, and conspiracy to commit money laundering. If convicted of all counts, each faces a maximum penalty of 115 and 145 years in prison, respectively.

That’s serious jail time. It also indicates the increasing seriousness that the U.S. government attaches to ransomware attacks.

Sign Up For Our Newsletter

Don’t worry, we hate spam too!

Get The Latest On Ransomware Right In Your Inbox

Sign Up To Receive Our Monthly Ransomware Newsletter
Don’t worry, we hate spam too

Is This Your Business?
Get In Touch

Contact Us To Sponsor Your Business Listing & Learn More About The Benfits.

Before You Go!
Sign up to stay up to date with everything ransomware

Sign Up To Receive Our Monthly Ransomware Newsletter
Don’t worry, we hate spam too

JUST RELEASED: The 2024 State of Ransomware Survey is in.


Share via
Copy link
Powered by Social Snap