US ransomware attacks

By Jeff Domansky

The US Department of Justice (DOJ) released criminal indictments against several global ransomware attackers and announced the recovery of millions of dollars in proceeds of the cybercrime.

Yaroslav Vasinskyi, 22, a Ukrainian national, was charged with conducting ransomware attacks against multiple victims, including the July 2021 attack against multi-national information technology software company Kaseya.

Vasinskyi allegedly deployed the malicious Sodinokibi/REvil code throughout a Kaseya product, causing it to distribute REvil ransomware to “endpoints” on Kaseya customer networks. The ransomware resulted in the encryption of data on the computers of Kaseya software customers around the world.

DOJ also announced the recovery of $6.1 million in funds traceable to alleged ransom payments received by Yevgeniy Polyanin, 28, a Russian national, who is also charged with conducting Sodinokibi/REvil ransomware attacks against businesses and government entities in Texas in August 2019.

Coordinated ransomware attacks

The indictments say Vasinskyi and Polyanin accessed internal computer networks of several victim companies and deployed Sodinokibi/REvil ransomware to encrypt the data on the computers of victim companies.

“Cybercrime is a serious threat to our country: to our personal safety, to the health of our economy, and to our national security,” said Attorney General Garland. “Our message today is clear. The United States, together with our allies, will do everything in our power to identify the perpetrators of ransomware attacks, to bring them to justice, and to recover the funds they have stolen from their victims.”

Ransomware attacks growing

“The arrest of Yaroslav Vasinskyi, the charges against Yevgeniy Polyanin and seizure of $6.1 million of his assets, and the arrests of two other Sodinokibi/REvil actors in Romania are the culmination of close collaboration with our international, US government and especially our private sector partners,” said FBI Director Christopher Wray.

The FBI director said the arrest demonstrated the importance of prosecuting ransomware attackers preying on local governments, the US financial and payments systems, critical infrastructure, public schools, healthcare operators, and corporations like Kaseya.

Meatpacking company JBS Foods paid $11 million in June 2021, and these attacks and ransomware payments are just the tip of the iceberg of reported cases. In May 2021, Colonial Pipeline paid ransomware hackers 75 bitcoin (approx. $5 million) after the now-infamous SolarWinds attack disrupted gas supplies on the US East Coast.

Kaseya cooperation critical to investigation

Just before the July 4th long weekend, US software company Kaseya’s VSA server was attacked and infected with malware, impacting the data and systems of more than 1,500 of its MSP customers.

Wray thanked Kaseya for moving quickly to inform customers and work with criminal investigators. “Kaseya’s swift response enabled the FBI and our partners to quickly figure out which of its customers were hit, and for us to quickly share information with Kaseya and its customers about what the adversaries were doing, and how the companies could best address the dangers.”

As a result, Wray said the FBI obtained a decryption key that allowed investigators to unlock and save Kaseya customer data and plot its response against the attackers.

“Ultimately, we were able both to unlock data and take bad actors out of operation, hitting Sodinokibi more broadly, seizing cryptocurrency and as you just heard, late last week, our Romanian partners arrested two other individuals,” he explained.

He also emphasized the importance of getting “breach reporting” legislation in place to fight future ransomware attacks, cybercrime, and other breaches. Wray said when the FBI is engaged early, it can provide more effective and better support to companies affected by cybercrime and seize money before it can disappear through a maze of wallets and exchanges.

“I want to thank Kaseya and other private sector partners for their invaluable help in this case and for the way they joined our response to the ransomware threat,” he added.

It’s really up to companies to stop paying ransoms, report incidents to the FBI and other investigators quickly, and better assess security weaknesses to prevent future cybercrime and ransomware attacks.

You can read the news release or watch the Department of Justice news conference with comments from Attorney General Merrick Garland, deputy AG Lisa Monaco, FBI Director Christopher Wray, and Acting US Attorney Chad Meacham for the Northern District of Texas here or in the video following.