As a global crackdown on ransomware gangs continues, the Justice Department announced Monday the arrest of a hacker with alleged ties to the REvil group, as well as the seizure of some $6.1 million in ransom payments.
During a press conference, Justice officials announced details of the arrest of Yaroslav Vasinskyi, a 22-year-old Ukrainian national, who is alleged to be connected to REvil and was recently taken into custody as the result of an international law enforcement operation.
REvil, which emerged in 2019, has been responsible for a number of attacks on prominent U.S. businesses and entities. According to court documents unsealed Monday, Vasinskyi helped carry out a large attack on global IT provider Kaseya this past July—the likes of which affected hundreds of businesses throughout the world.
Vasinskyi recently traveled from Ukraine and entered Poland, where he was arrested, officials said Monday. American officials have now requested that he be extradited to the U.S. and a federal indictment connected to Vasinskyi was also unsealed on Monday.
Justice officials also announced charges against Yevgeniy Polyanin, a 28-year-old Russian national who is accused of “conducting Sodinokibi/REvil ransomware attacks against multiple victims,” including a prominent attack in Texas in 2019. Officials said that the $6.1 million in cryptocurrencies that had recently been confiscated were ransom payments made to Polyanin as the result of his use of malware on various victims. Polyanin is still at large.
Both Vasinskyi and Polyanin now faces charges of “conspiracy to commit fraud and related activity in connection with computers, substantive counts of damage to protected computers, and conspiracy to commit money laundering.” If convicted, they could each respectively see life-long prison terms.
News of charges against the two men signal a broader crackdown on the ransomware underworld by international authorities. DOJ’s press conference was accompanied by an announcement Monday from Europol which said that a total of seven different ransomware suspects had recently been arrested—including five reputed to be members of REvil. The State Department also recently announced a $15 million reward for anyone who can provide information leading to the arrest of additional REvil members.
Merrick Garland, the U.S. Attorney General, spoke during Monday’s press conference, noting that ransomware was a threat to a multitude of U.S. interests.
“These attacks have targeted our critical infrastructure, law enforcement agencies, hospitals, schools, municipalities, and businesses of all sizes,” said Garland. “Together, with our partners, the Justice Department is sparing no resource to identify and bring to justice anyone, anywhere, who targets the United States with a ransomware attack.”
Garland described Vasinskyi as “an alleged perpetrator of a significant, wide-reaching” attack.
It’s unclear why Vasinskyi traveled to Poland. When queried on the issue at Monday’s press conference, FBI Director Christopher Wray said merely: “People travel for lots of reasons,” adding “But boy, are we glad that he did.” Ukraine does not have an extradition policy with the U.S.
The Kaseya attack, which occurred over the 4th of July weekend, was one of the largest of its kind in recent memory. REvil’s malware was used to infect Kaseya’s software, which subsequently infected the company’s customer base. A total of some 1,500 businesses were ultimately affected by the attack.
“Our message to ransomware criminals is clear: If you target victims here, we will target you,” said Deputy Attorney General Lisa A. Monaco at Monday’s press conference. “The Sodinokibi/REvil ransomware group attacks companies and critical infrastructures around the world, and today’s announcements showed how we will fight back.”
This story has been updated to include more details and context.