US recovers $6 million in ransom payments to hackers responsible for crimes

US law enforcement officials have seized about $6 million in ransomware ransom payments, and federal prosecutors have charged a Ukrainian suspect with a July attack on a US company.

The investigation is a breakthrough in the Biden administration’s pursuit of cybercriminals, the Justice Department announced on Monday (the 8th).

Yaroslav Vasinskyi, a Ukrainian citizen who was arrested in Poland last month, is accused of deploying ransomware known as REvil, which has been used in hacks that cost US companies millions of dollars.

According to an indictment unsealed on Monday, Vasinskyi carried out an attack over the July 4 weekend on Florida-based software company Kaseya that infected up to 1,500 companies worldwide.

Vasinskyi and another alleged REvil operator, Yevgeniy Polyanin, a Russian national, are accused of conspiracy to commit fraud and money laundering, among other charges.

As part of the investigation, authorities seized at least $6 million in funds allegedly linked to ransom payments received by Polyanin, US officials said.

CNN was the first to report on the law enforcement actions, ahead of the Justice Department’s announcement.

The bust is one of the most impactful actions to date in the fight against ransomware, which has accelerated after a series of hacks crippled US infrastructure companies this year.

While some ransomware groups have continued to breach US companies and demand payment, others have gone quiet in recent months.

Attorney General Merrick Garland said at a news conference that the US and its allies would do “everything in our power” to track down the ransomware operators and recover the money “they stole from the American people.”

Vasinskyi, 22, is being held in Poland pending the US extradition process, while Polyanin, 28, remains at large. The CyberScoop portal first reported that Vasinskyi had been arrested.

The Treasury Department also imposed sanctions on Vasinskyi and Polyanin on Monday, as well as on a cryptocurrency exchange that allegedly moved money on behalf of ransomware actors.

Meanwhile, the State Department announced a reward of up to $10 million for information leading to the identification or location of the leader of the REvil ransomware gang.

The Department is also offering up to $5 million for information leading to the arrest or conviction of anyone who conspires or attempts to participate in the group’s attacks.

US officials have pursued diplomacy with the Russian government, sanctioned a cryptocurrency exchange and urged companies to strengthen their cyber defenses.

But experts say putting operators in handcuffs is a crucial part of the US strategy to contain the attacks.

Romanian authorities last week arrested two more alleged REvil operators, Europol announced on Monday. And South Korean authorities last month extradited to the US a Russian man accused of being part of a different criminal network that has infected millions of computers around the world.

The Biden administration has made fighting the groups a priority

In June, President Joe Biden asked Russian President Vladimir Putin to take action against criminal hackers who were holding American companies hostage.

But the Russian government has historically been reluctant to pursue cybercriminals on its own soil, at least as long as hackers refrain from hitting Russian targets.

However, since the Biden-Putin summit, “we haven’t seen a material change in the landscape,” US Deputy Attorney General Lisa Monaco told the Associated Press last week. “Only time will tell what Russia can do on this front.”

On Monday, Garland declined to comment when asked whether the Russian government was aware of or condoned the REvil activity, citing an ongoing investigation.

In a landscape crowded with cybercriminals, REvil has stood out for a series of brazen attacks. The group reportedly demanded $50 million from Apple earlier this year after breaking into one of the tech giant’s suppliers.

The FBI also blamed REvil for an attack on JBS USA, which is responsible for about a fifth of US beef production. The incident forced JBS to temporarily halt production at facilities in Australia, Canada and the US. JBS paid the hackers $11 million to unlock its systems.

REvil has been deployed to about 175,000 computers worldwide, with at least $200 million paid in ransom, Garland said on Monday. Polyanin reportedly conducted about 3,000 ransomware attacks, including some on law enforcement agencies and counties across Texas, Garland said.

REvil has gone through a period of volatility in recent months. The sites the group uses to extract ransoms and pressure victims went offline after the Kaseya hack, but resurfaced in September.

However, the group shut down again last month after a foreign government and Cyber Command, the US military’s hacking unit, compromised the group’s computer infrastructure, according to a Washington Post report.

To add to the pressure, the State Department last week announced a $10 million reward for key information about the hackers behind the so-called “DarkSide ransomware” that forced the largest US fuel supplier, Colonial Pipeline, to shut down for days in May.

Government agencies have relied heavily on private experts in their pursuit of criminal hackers. Cybersecurity company Emsisoft, for example, saved victims from a multi-million dollar ransom by discovering a flaw in the hackers’ code.

John Fokker, a former Dutch cybercrime prosecutor who is now with cybersecurity firm McAfee Enterprise, told CNN that his team helped authorities identify several suspects involved in REvil and GandCrab, another type of ransomware.

No single law enforcement action will deal a fatal blow to the lucrative economy of ransom payments for ransomware intrusions.

According to Chainalysis, a company that tracks cryptocurrency, victims of ransomware attacks paid about $350 million in ransom in 2020. But that number is probably only a fraction of the digital extortion that took place that year. And victims who don’t pay the ransom can spend millions of dollars rebuilding their computer infrastructure.

FBI Director Christopher Wray told US lawmakers in September that the bureau was investigating more than 100 different types of ransomware.

This article has been translated. Read the original in English.

Reference: CNN Brasil
