Monday, March 27, 2023 | Back issues
Courthouse News Service Courthouse News Service

Ukrainian man charged, another has millions seized, over July ransomware attack

As part of an international probe of digital crimes, the United States announced hacking charges and the return of millions in stolen funds Monday.

WASHINGTON (CN) — The Department of Justice announced charges Monday in connection to a digital ransomware attack that rattled thousands of businesses around the world over the Fourth of July, one of a series of attacks that also caused a temporary shutdown of a American meat processor.

Yaroslav Vasinskyi, of Ukraine, was arrested last month in Poland, and U.S. Attorney General Merrick Garland said the Department of Justice has called for his extradition.

Vasinskyi is accused of working as part of an international ransomware gang known as Sodinokibi or REvil to hold digital systems hostage and demand payment in return. The group is said to have disrupted more than 1,000 small businesses across the country when it targeted the Florida-based software company Kaseya in an attack over the Fourth of July weekend, demanding $70 million in cryptocurrency.

Separately Monday, the United States indicted another REvil attacker, Yevgeniy Polyanin of Russia, on charges that he carried out 3,000 attacks in the United States including extortion schemes targeting law enforcement and local municipalities in Texas. Both cases were filed in the Northern District of Texas.

Garland noted that the department has seized $6.1 million from Polyanin already — an amount that represents less than half of the approximately $13 million Polyanin is said to have extorted.

"Cybercrime is a serious threat to our country, to our personal safety, to the health of our economy and to our national security," Garland said.

Department officials touted the international cooperation that led to Vasinskyi's arrest and the seized assets from Polyanin.

Indeed, only hours before Garland's press conference, European authorities announced the arrest of seven people accused of carrying out international ransomware attacks.

Europol said two of the arrested suspected hackers, one of which is presumed to be Vasinskyi, are believed to be REvil members. Another accused hacker was arrested in Kuwait last week, meanwhile South Korean officials have arrested three alleged cybercriminals since last February, and another accused hacker was charged in Europe in October.

These international arrests are part of a collaborative investigation between the United states and 16 other countries.

"Our message today is clear. The United States together with our allies will do everything in our power to identify the perpetrators of ransomware attacks and bring them to justice and to recover the funds they have stolen from the American people," Garland said.

Deupty Attorney General Lisa Monaco emphasized the need for targeted businesses to comply and come forward to law enforcement when they have experienced a ransomware attack.

"We are here today because, in their darkest hour, Kaseya made the right choice and they decided to work with the FBI," Monaco said at the press conference.

Garland said Congress can facilitate future investigations by creating a national standard for businesses to report cyberattacks and immediately share the details of digital crimes with the Justice Department. He also called on businesses to invest in cybersecurity training and software.

"We all must play a role in improving our cyber defenses," Garland said.

Read the Top 8

Sign up for the Top 8, a roundup of the day's top stories delivered directly to your inbox Monday through Friday.

Loading...