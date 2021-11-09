



The US Department of Justice (DOJ) has indicted a 22-year-old Ukrainian citizen linked to the REvil ransomware gang for orchestrating the July ransomware attack on US tech company Kaseya. It also seized over $6 million in ransom linked to another member of the notorious ransomware group.

At a press conference on Monday, US Attorney General Merrick Garland announced that Yaroslav Vasinskyi was arrested last month in Poland at the behest of the US government and that he is currently being held pending US extradition proceedings. Vasinskyi, who used different names online to avoid detection, is accused of being a long-time affiliate of the now-defunct REvil ransomware operation and of carrying out 2,500 attacks on businesses worldwide.

Most notably, Vasinskyi, whose ransom demands totaled $767 million, is accused of being involved in the high-profile attack on Kaseya, which affected more than 1,500 companies in the United States and prompted a ransom demand of $70 million.

U.S. officials also seized $6.1 million tied to hacking campaigns linked to another REvil affiliate, Russian national Yevgeniy Polyanin, who is accused of carrying out 3,000 ransomware attacks and extorting around $13 million from victims, US officials said. Vasinskyi and Polyanin have both been charged with conspiracy to commit money laundering, conspiracy to commit fraud and willful damage to a protected computer.

The Department of Justice is sparing no resources to identify and bring to justice anyone, anywhere, targeting the United States with a ransomware attack, Garland said.

The U.S. government isn’t just going after hackers, as the Treasury Department today also announced sanctions against the Chatex cryptocurrency exchange for facilitating ransom transactions.

In addition, the State Department announced a reward of up to $10 million “for information that can identify or locate anyone in a key leadership position in the transnational organized crime group Sodinokibi/REvil variant ransomware” and up to $5 million for information leading to the arrest or conviction of anyone involved in a REvil variant ransomware incident.

Last week, it announced a similar bounty for key information about the hackers behind the so-called DarkSide ransomware, which forced the main U.S. fuel supplier Colonial Pipeline to shut down for several days in May. Prior to that, the United States recovered $2.3 million from the ransomware payment that Colonial Pipeline made to the ransomware gang.

Over the past five months, DOJ efforts have resulted in the arrest of seven REvil affiliates. European law enforcement agency Europol announced on Monday that two hackers who used REvil ransomware to infect and attempt to extort up to 5,000 victims had been arrested in Romania. The two unnamed individuals, who pocketed €500,000 (approximately $578,000) in ransom payments, were arrested on November 4, according to Europol. On the same day, Kuwaiti authorities also arrested a third REvil ransomware affiliate.

In addition to Vasinskyi, who was arrested in October while attempting to enter Poland from his home country, two other people suspected of being affiliates of REvil were apprehended in South Korea in February and April, law enforcement revealed for the first time today.

A total of seven suspects linked to the two ransomware families have been arrested since February 2021, Europol said. They are believed to have attacked around 7,000 victims in total.

The arrests are the result of Operation GoldDust, which involved law enforcement officers from 17 countries, Europol, Eurojust and Interpol. The operation also received support from the cybersecurity industry, including companies such as Bitdefender, KPN and McAfee. Bitdefender researchers provided technical information throughout the investigation, as well as decryption tools to help victims of ransomware attacks recover their files without having to pay the ransom.

According to Europol, REvil decryption tools have helped more than 1,400 companies decrypt their networks following ransomware attacks, saving more than €475 million ($550 million) in payments to cybercriminals. According to US officials, the entire REvil ransomware operation has received more than $200 million since the start of its activity.

These arrests are the latest in a series of law enforcement operations targeting ransomware operations. Last month, a Europol-led operation targeted 12 suspects in Ukraine and Switzerland believed to be behind LockerGoga, MegaCortex, Dharma and other ransomware attacks.

