US ‘will fight back’: REvil ransomware hackers charged in operation

Washington: The US Justice Department has charged a suspect from Ukraine and a Russian national over a July ransomware attack on an American company, according to indictments made in court filings on Tuesday AEDT, and has seized $6 million in ransom payments.

Yaroslav Vasinskyi, a Ukrainian national arrested in Poland last month, will face US charges for deploying ransomware known as REvil, which has been used in hacks that have cost US firms millions of dollars, the court filing showed.

Russian Yevgeniy Polyanin, wanted by the FBI, is displayed on monitors as Attorney General Merrick Garland, accompanied by Deputy Attorney General Lisa Monaco and FBI Director Christopher Wray, speaks in Washington. Credit: AP

Vasinskyi conducted a ransomware attack over the July 4 weekend on Florida-based software firm Kaseya that infected up to 1500 businesses around the world, according to the charges filed in the US District Court for the Northern District of Texas.

The REvil ransomware gang was also behind the ransomware attacks on meat processor JBS in Australia in May.

Vasinskyi and another alleged REvil operative, Russian national Yevgeniy Polyanin, were charged by the United States with conspiracy to commit fraud and conspiracy to commit money laundering, among other charges.

The Treasury Department also said the two operatives face sanctions for their role in ransomware incidents in the United States, as well as a virtual currency exchange called Chatex “for facilitating financial transactions for ransomware actors”.

Vasinskyi was responsible for the July 2021 ransomware activity against Kaseya, “which caused significant disruptions to the computer networks of Kaseya’s customer base,” the Treasury said.

One of the most widespread ransomware attacks came with the corruption of a widely used software tool made by Kaseya. Many Kaseya customers were infected at once with REvil encryption. Some paid ransoms, though a master decryption key was eventually recovered by authorities and distributed weeks later.

The Treasury said more than $US200 million in ransom payments were paid in bitcoin and Monero. It added that Latvian and Estonian government agencies were vital to the investigation.

Vasinskyi, 22, was being held in Poland pending US extradition proceedings, while Polyanin, 28, remained at large.

Up to 1500 businesses around the world have been affected by ransomware attacks centred on Kaseya, which provides software tools to IT outsourcing shops. Such companies typically handle back-office work for companies too small or modestly resourced to have their own tech departments.

The US indictment of the Ukrainian hacker said he and other conspirators started deploying hacking software around April 2019 and “regularly” updated and refined it. The indictment also accused the hacker of laundering money obtained through a hacking extortion scheme.

Europol said earlier on Monday that Romanian authorities on November 4 arrested two individuals suspected of cyberattacks deploying the REvil ransomware. Since February, law enforcement authorities have arrested three other affiliates of REvil, Europol added.

Twelve suspects believed to have mounted ransomware attacks against companies or infrastructure in 71 countries were “targeted” in raids in Ukraine and Switzerland, Europol said on Friday.

Reuters
