The Justice Department said today it has arrested one alleged perpetrator and charged another for their participation in the REvil-enabled supply chain ransomware attack against American software firm Kaseya that impacted several hundred businesses this summer.
The Russia-based REvil organization, which provides ransomware-as-a-service technologies, also launched a ransomware attack against U.S.-based meat producer JBS USA earlier this year. Those two attacks were part of a wave of high-profile exploits against U.S. targets that prompted President Biden to publicly elevate such attacks to national security issues and to engage on them with Russian President Vladimir Putin.
Following the Kaseya attack, President Biden announced July 3 that he was directing the “full resources of the government to assist in the response.” Just days later, President Biden discussed the attack with Russian President Putin, and by mid-July, REvil’s ransomware sites had disappeared from the dark web.
Today, DoJ said it indicted 22-year-old Ukrainian national Yaroslav Vasinskyi, charging him with conducting ransomware attacks against multiple targets, including Kaseya. Vasinskyi was arrested in Poland on those charges.
The Justice Department also charged Yevgeniy Polyanin, a 28-year-old Russian national, with conducting REvil-enabled ransomware attacks against multiple victims and said it seized $6.1 million in funds traceable to alleged ransom payments he received.
“Vasinskyi and Polyanin accessed the internal computer networks of several victim companies and deployed Sodinokibi/REvil ransomware to encrypt the data on the computers of victim companies,” DoJ alleged.
“Cybercrime is a serious threat to our country: to our personal safety, to the health of our economy, and our national security,” commented Attorney General Merrick Garland. “Our message today is clear. The United States, together with our allies, will do everything in our power to identify the perpetrators of ransomware attacks, to bring them to justice, and to recover the funds they have stolen from their victims.”
“Our message to ransomware criminals is clear: If you target victims here, we will target you,” said Deputy Attorney General Lisa Monaco. “The Sodinokibi/REvil ransomware group attacks companies and critical infrastructures around the world, and today’s announcements showed how we will fight back.”
President Biden hailed the DoJ actions in a statement, saying, “since the earliest days of my Administration, cybersecurity has been a core priority as we have marshaled a comprehensive national effort, as well as broad international coordination, to protect our people and critical infrastructure, our allies, and our interests.”
“When I met with President Putin in June, I made clear that the United States would take action to hold cybercriminals accountable,” President Biden said. “That’s what we have done today. We are bringing the full strength of the federal government to disrupt malicious cyber activity and actors, bolster resilience at home, address the abuse of virtual currency to launder ransom payments, and leverage international cooperation to disrupt the ransomware ecosystem and address safe harbors for ransomware criminals.”
“While much work remains to be done, we have taken important steps to harden our critical infrastructure against cyberattacks, hold accountable those that threaten our security, and work together with our allies and partners around the world to disrupt ransomware networks — and my Administration will continue to use every tool available to us to protect the American people and American interests against cyber threats,” he said.