[BreachExchange] US seizes $6 million in ransom payments and charges Ukrainian over major cyberattack

Terrell Byrd terrell.byrd at riskbasedsecurity.com
Mon Nov 8 13:40:09 EST 2021


https://www.cnn.com/2021/11/08/politics/revil-ransomware-attack-charges/index.html


Law enforcement officials seized an estimated $6 million in ransom payments
and federal prosecutors charged a suspect from Ukraine over a damaging July
ransomware attack on an American company in a breakthrough for the Biden
administration's pursuit of cybercriminals, the Justice Department
announced Monday.

Yaroslav Vasinskyi, a Ukrainian national who was arrested in Poland last
month, is accused of deploying ransomware known as REvil, which has been
used in hacks that have cost US firms millions of dollars. Vasinskyi
conducted a ransomware attack over the Fourth of July weekend on
Florida-based software firm Kaseya that infected up to 1,500 businesses
around the world, according to an indictment unsealed Monday.
Vasinskyi and another alleged REvil operative, Russian national Yevgeniy
Polyanin, are charged with conspiracy to commit fraud and conspiracy to
commit money laundering, among other charges. As part of the investigation,
authorities seized at least $6 million in funds allegedly linked to ransom
payments received by Polyanin, US officials said.

CNN was first to report on the law enforcement actions before the Justice
Department announcement.

The law enforcement bust is one of the most impactful actions yet in the
Biden administration's multipronged fight against ransomware, which
accelerated after a series of hacks hampered US critical infrastructure
firms this year. While some ransomware groups have continued to breach US
companies and demand payment, others have gone quiet in recent months.
Vasinskyi, 22, is being held in Poland pending US extradition proceedings,
while Polyanin, 28, remains at large. CyberScoop first reported that
Vasinskyi had been arrested.

The Treasury Department on Monday also imposed sanctions on Vasinskyi and
Polyanin, as well as a cryptocurrency exchange that allegedly has moved money
for ransomware operatives.
The State Department meanwhile announced a reward of up to $10 million for
information leading to the identification or location of the leadership of
the REvil ransomware gang. The department is also offering up to $5 million
for information leading to an arrest or conviction of anyone conspiring or
attempting to participate in REvil ransomware attacks.

US officials have pursued diplomacy with the Russian government, sanctioned
a cryptocurrency exchange and exhorted companies to raise their cyber
defenses. But experts say that putting ransomware operators in handcuffs is
a crucial part of the US strategy to curb attacks. Romanian authorities
last week arrested two additional alleged REvil operatives, Europol
announced Monday. And South Korean authorities last month extradited to the
US a Russian man accused of being part of a different crime ring that
infected millions of computers worldwide.

In a crowded landscape of cyber crooks, REvil has stood out for a series of
brazen attacks. The group reportedly demanded $50 million from Apple
earlier this year after hacking one of the tech giant's suppliers.

The FBI has also blamed REvil for a May ransomware attack on JBS USA, which
accounts for about a fifth of US beef production. The incident forced JBS
to temporarily shut down production at facilities in Australia, Canada and
the US. JBS paid the hackers $11 million to unlock their systems.

REvil has had a volatile few months. The websites the group uses to extract
ransoms and shame victims went offline after the Kaseya hack, only to
reemerge in September. But the group shut down again last month after a
foreign government and Cyber Command, the US military's hacking unit,
compromised the group's computer infrastructure, according to a Washington
Post report.

President Joe Biden in June asked Russian President Vladimir Putin to take
action against criminal hackers that were holding US companies hostage. But
the Russian government has historically been reluctant to pursue
cybercriminals on its own soil as long as the hackers refrain from hitting
Russian targets.

Since the Biden-Putin summit, "We have not seen a material change in the
landscape," US Deputy Attorney General Lisa Monaco told the Associated
Press last week. "Only time will tell as to what Russia may do on this
front."

To turn up the pressure, the State Department last week announced a $10
million reward for key information on the hackers behind the so-called
DarkSide ransomware, which forced major US fuel provider Colonial Pipeline
to shut down for days in May.

Government agencies have leaned heavily on private experts in their pursuit
of criminal hackers. Cybersecurity firm Emsisoft, for example, saved
victims of a type of ransomware millions of dollars in ransom payments by
discovering a flaw in the hackers' code.

No single law enforcement action will be a fatal blow to the lucrative,
transnational ransomware economy.

Victims of ransomware attacks paid about $350 million in ransoms in 2020,
according to Chainalysis, a firm that tracks cryptocurrency. But that
figure is likely just a fraction of the digital extortion that went on that
year. And victims who don't pay the ransom can spend millions of dollars
rebuilding their computer infrastructure.

FBI Director Christopher Wray told US lawmakers in September that the
bureau was investigating more than 100 different types of ransomware.