REvil ransomware attacks: US announces crackdown on Russia-linked hackers as two charged and $6.1m seized

Andrew Feinberg
Monday 08 November 2021 22:11 GMT
Garland announces anti-ransomware crackdown

The Department of Justice on Monday announced a major crackdown on Russia-linked ransomware gangs, including the seizure of $6.1m from one ransomware actor and the unsealing of charges against two men linked to ransomware attacks this past year.

One of the two, Yaroslav Vasinskyi of Ukraine, was taken into custody in Poland last month, and has had $6.1m in assets seized by the Justice Department. The other, a Russian national called Yevgeniy Polyanin, remains at large.

Both men are facing charges for their roles in the deployment of ransomware known as REvil, which was used in a 2 July attack against a Florida software company called Kaseya as well as in attacks on numerous companies, including the hack of Colonial Pipeline this past May.

That attack, which temporarily shuttered the company’s 5,500-mile gas pipeline, cut the east coast of the US off from 45 per cent of its usual fuel supply.

“The Justice Department is sparing no resource to identify and bring to justice anyone, anywhere who targets the United States with a ransomware attack,” Attorney General Merrick Garland said at a Monday press conference announcing the charges.

Mr Garland said Mr Vasinskyi was indicted on 11 August on charges of “conspiring to commit intentional damage to protected computers and to extort in relation to that damage, causing intentional damage to protected computers, and conspiring to commit money laundering,” for his role in the attack on Kaseya.

The attorney general said Mr Polyanin also faces similar charges for the use of REvil ransomware to extort approximately $13m from victims.

Additionally, the State Department announced a reward of up to $10m for information leading to the identification or location of anyone involved in the REvil organization, or up to $5m for information leading to the arrest or conviction of anyone who participates in an REvil attack.

In a statement, State Department spokesperson Ned Price said the reward is meant to be a way the US “demonstrates its commitment to protecting ransomware victims around the world from exploitation by cyber criminals” and “looks to nations who harbor ransomware criminals that are willing to bring justice for those victim businesses and organizations affected by ransomware”.

Deputy Attorney General Lisa Monaco said the department’s success in going after the perpetrators of the Kaseya hack came about because the company reported the attack quickly and cooperated with law enforcement.

“What you see here today is a united front and our message should be clear: If you target victims here, we will target you and the Department of Justice won’t give up until you are held accountable,” she said.

In a statement, President Joe Biden said cybersecurity has been “a core priority” of his administration since its earliest days.

“We are bringing the full strength of the federal government to disrupt malicious cyber activity and actors, bolster resilience at home, address the abuse of virtual currency to launder ransom payments, and leverage international cooperation to disrupt the ransomware ecosystem and address safe harbors for ransomware criminals,” Mr Biden said.

“While much work remains to be done, we have taken important steps to harden our critical infrastructure against cyberattacks, hold accountable those that threaten our security, and work together with our allies and partners around the world to disrupt ransomware networks — and my Administration will continue to use every tool available to us to protect the American people and American interests against cyber threats”.
