Alleged perpetrators of the ransomware attack on Kaseya, an IT firm whose software helps systems administrators manage large networks, have been charged by the US Department of Justice. The case is part of the work of the Department of Justice's Ransomware and Digital Extortion Task Force, which was created to combat the growing number of ransomware and extortion attacks.
According to the DOJ, an indictment charges Yaroslav Vasinskyi, 22, a Ukrainian national, with conducting ransomware attacks against multiple victims, including the July 2021 attack against Kaseya. On Oct. 8, Vasinskyi was arrested in Poland, where he remains in custody pending proceedings in connection with extradition to the United States.
Yevgeniy Polyanin, 28, a Russian national, is also charged with conducting Sodinokibi/REvil ransomware attacks against multiple victims, including businesses and government entities in Texas.
The DOJ also reported the seizure of the illicit gains in the amount of $6.1 million. The funds were held in an FTX account, according to a seizure warrant.
Attorney General Merrick Garland commented:
“Cybercrime is a serious threat to our country: to our personal safety, to the health of our economy, and to our national security. Our message today is clear. The United States, together with our allies, will do everything in our power to identify the perpetrators of ransomware attacks, to bring them to justice, and to recover the funds they have stolen from their victims.”
FBI Director Christopher Wray said that the arrest of Vasinskyi, the charges against Polyanin and the seizure of the funds, together with the arrests of other complicit individuals in Romania, are the culmination of close collaboration between the US government, international authorities and private sector partners:
“The FBI has worked creatively and relentlessly to counter the criminal hackers behind Sodinokibi/REvil. Ransomware groups like them pose a serious, unacceptable threat to our safety and our economic well-being. We will continue to broadly target their actors and facilitators, their infrastructure, and their money, wherever in the world those might be.”
According to court filings, Vasinskyi was allegedly responsible for the July 2, 2021 ransomware attack against Kaseya. In the alleged attack, Vasinskyi caused malicious Sodinokibi/REvil code to be deployed throughout a Kaseya product, so that the product's own deployment functionality pushed REvil ransomware to "endpoints" on Kaseya customers' networks. Once that remote access to the customer endpoints had been established through the Kaseya product, the ransomware was executed on those computers.
The ransom notes dropped during the attack demanded payment in cryptocurrency, specifically Bitcoin or Monero. Monero is a privacy coin designed to obscure the sender, recipient and amount of a transfer; Bitcoin, whose ledger is public, is the most widely used cryptocurrency in the world.
Vasinskyi and Polyanin are charged in separate indictments with conspiracy to commit fraud and related activity in connection with computers, substantive counts of damage to protected computers, and conspiracy to commit money laundering. If convicted on all counts, Vasinskyi faces a maximum of 115 years in prison and Polyanin a maximum of 145 years.
The $6.1 million seized from Polyanin is alleged to be traceable to the ransomware attacks and to the laundering of their proceeds.
Polyanin has not yet been apprehended and is "believed to be abroad."