The US says it helped nab a Ukrainian man for allegedly instigating the REvil ransomware attack on the IT services provider Kaseya, which ensnared hundreds of companies this past summer.
On Monday, the Justice Department announced that the suspect, Yaroslav Vasinsky, was arrested at the Polish border on an international warrant issued by the US. Federal officials are now seeking his extradition to the US to stand trial.
The Justice Department alleges that Vasinsky and his co-conspirators authored the REvil ransomware strain and then deployed it against companies, including Kaseya on July 2nd. By compromising Kaseya, the attackers were able to deliver a ransomware payload to hundreds of the company’s enterprise customers, encrypting the affected computers. Victims were then told to pay millions of dollars in Bitcoin or risk losing their data forever.
The Justice Department said it acted relatively quickly to identify the culprits behind the Kaseya attacks. On August 11th, federal investigators filed a sealed indictment against Vasinsky. On October 8th, Polish police then arrested Vasinsky while he was crossing the Polish-Ukrainian border.
US officials touted the arrest on Monday as the White House has made fighting ransomware a national security priority. “Our message to ransomware criminals is clear: If you target victims here, we will target you,” said US Deputy Attorney General Lisa Monaco during the announcement.
On the same day, the Justice Department announced it was also charging a 28-year-old Russian named Yevgeniy Polyanin with conducting attacks using the REvil ransomware strain. Federal officials also seized $6.1 million in cryptocurrency that Polyanin allegedly received from his ransomware victims.
However, Vasinsky and Polyanin may simply be “affiliates,” customers who bought access to deploy the REvil ransomware strain. Cybersecurity firms suspect the core developers of REvil are based somewhere in Russia, a country that refuses to extradite criminal suspects to the US.
To fight back, the US has announced a $10 million reward for any information that could lead to the identification or location of the leaders of the REvil ransomware gang. The US Treasury Department is also sanctioning a cryptocurrency exchange named Chatex for allegedly facilitating ransomware payments to the attackers.
In addition, US officials stressed the importance of victim companies reporting a ransomware attack to the FBI as soon as it occurs. Otherwise, it may be too late for federal investigators to respond.
“Failure to timely report also puts other potential victims in jeopardy,” said US Attorney General Merrick Garland. “It deprives investigators of information they need to forestall or mitigate other attacks. It is for this reason that we urge Congress to create a national standard for reporting significant cyber incidents, and to require the reported information be shared immediately with the Justice Department.”