Tuesday, September 27, 2022
Home Tech News U.S. accuses man held in Poland with Kaseya ransomware attack, seizes $6...

U.S. accuses man held in Poland with Kaseya ransomware attack, seizes $6 million

The United States continues to make good on its promise to go after cyber attackers, with the latest move the unsealing of charges against two people allegedly deploying Sodinokibi/REvil ransomware to attack businesses and government entities in the United States.

Yaroslav Vasinskyi, 22, a Ukrainian national, being held now in Poland, is named in an indictment, accused of conducting ransomware attacks against multiple victims, including the July attack against Kaseya.

Vasinskyi was taken into custody on Oct. 8 in Poland, where he is being held pending an extradition hearing to the United States. In parallel with the arrest, the U.S. Justice Department said, interviews and searches were carried out in multiple counties. A news report last month said Vasinskyi was arrested in a village on the Ukraine-Polish border. Today the U.S. said his arrest would not have been possible without the rapid response of the National Police of Ukraine and the Prosecutor Governor’s Office of Ukraine.

The department also announced today the seizure of US$6.1 million in funds traceable to alleged ransom payments received by Yevgeniy Polyanin, 28, a Russian national, who is also charged with conducting Sodinokibi/REvil ransomware attacks against multiple victims, including businesses and government entities in Texas in 2019. It isn’t clear where Polyanin is now.

The Bleeping Computer news service notes that in a space of five months, seven affiliates of the REvil gang have been arrested.

As part of the latest indictments, the U.S. credited a number of law enforcement agencies around the world with their help, including the RCMP.

“Cybercrime is a serious threat to our country, to our personal safety, to the health of our economy, and to our national security,” U.S. Attorney General Garland said in a statement. “Our message today is clear. The United States, together with our allies, will do everything in our power to identify the perpetrators of ransomware attacks, to bring them to justice, and to recover the funds they have stolen from their victims.”

According to court documents, Vasinskyi was allegedly responsible for the July 2 ransomware attack against Kaseya. In the alleged attack, the U.S. says Vasinskyi caused the deployment of Sodinokibi/REvil code through a Kaseya product that caused it to spread the ransomware to customers around the world.

Vasinskyi and Polyanin are charged in separate indictments with conspiracy to commit fraud and related activity in connection with computers, substantive counts of damage to protected computers, and conspiracy to commit money laundering.

If convicted of all counts, each faces a maximum penalty of 115 and 145 years in prison, respectively.

Among those who commented on the arrests was Andy Bennett, currently chief information security officer (CISO) of Apollo Information Systems, who was part of a team that had to respond to the Texas attacks. “I could not be happier to see these particular threat actors brought to justice,” he said in a statement, “as it was REvil/Sodin who hit 23 local governments in Texas in August of 2019.  I was the incident commander for that incident, and we did not pay the ransom. I don’t know if information gathered from our incident contributed materially to this success, but I would like to think that we did our part.”

“The significance of these arrests is that ransomware just became a high-risk activity,” he added. “Up to this point, ransomware was a relatively low risk, high reward proposition for enterprising criminals.  It was seen, even by law enforcement, as nearly impossible to catch and prosecute ransomware gangs operating in Eastern Europe and other parts of the world due to difficulties in tracking and controlling cryptocurrencies used for payment and massive procedural and jurisdictional hurdles.  Clearly, these are no longer showstoppers and it will definitely put the rest of the ransomware gangs on edge and on notice that they could be next.  REvil was one of the most prolific ransomware gangs and they were virtually untouchable, until now.”

- Advertisment -

Most Popular

Former Calgary Dino now a rookie with NFL’s Los Angeles Chargers

Canadian Deane Leonard has certainly taken the path less travelled to the NFL’s Los Angeles Chargers. The 22-year-old cornerback is in his rookie season with...

‘Impact success!’ Nasa spacecraft smashes asteroid in first ever ‘planetary defence test’

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video Nasa has successfully crashed a spacecraft into a small asteroid...

TikTok could face £27m fine for failing to protect children’s privacy

TikTok could face £27m fine for failing to protect children’s privacyInvestigation finds video-sharing app may have breached UK data protection law between 2018 and...

Eight states sue crypto lender Nexo over security sales and misleading marketing

/ New York’s attorney general alleges that the company’s Earn Interest Product was a security, one that the company wasn’t registered to sell,...