November 8, 2021, may have been the most significant single day in the United States’ “whole of government” anti-ransomware campaign. The Department of Justice, Department of the Treasury, and Department of State all announced major actions—most of which were targeted against the REvil criminal hacking group.
Since 2019, REvil (also known as Sodinokibi) has been one of the most notorious and prolific perpetrators of ransomware attacks, including the attack against international meat processor JBS in May 2021 and the attack targeting Kaseya and up to 1,500 users of the company’s VSA software in July 2021.
We summarize the Monday’s major activities here.
Department of Justice: Indictments Against REvil Leaders and Seizure of $6.1M
The Department of Justice announced indictments in the Northern District of Texas against two individuals associated with REvil: Yaroslav Vasinskyi of Ukraine and Yevgeniy Polyanin of Russia. The two are charged with several counts of conspiracy to commit fraud, violate the Computer Fraud and Abuse Act, and launder money.
Vasinskyi was arrested in Poland on October 8, 2021, and is being held there as the United States seeks his extradition. The federal government alleges that Vasinskyi was responsible for REvil’s attack against Kaseya, headquartered in Austin, Texas, among other attacks dating back to 2019.
Polyanin, who has not been detained, is alleged to have perpetrated attacks against numerous companies in Texas throughout 2019. In addition to the indictments against Polyanin, the Department of Justice announced the seizure of $6.1 million in funds traceable to alleged ransom payments from his account with FTX, a cryptocurrency exchanged based in the Bahamas.
The cases against Vasinskyi and Polyanin are part of the Department of Justice’s Ransomware and Digital Extortion Task Force created last spring. The Department of Justice credited an international effort with the arrest of Vasinskyi and the indictments and the seizure of Polyanin’s funds.
Also on November 8, 2021, the European Union Agency for Law Enforcement Cooperation (commonly known as “Europol”) announced that Romanian authorities arrested two other individuals for suspected…